Signing Visual Studio manifest with PFX fails - visual-studio

I am having an issue that seems to have been discussed on several occasions, but alas no solution seems to work for me. I am running VS 2013 on VMWare (on Mac) trying to publish a ClickOnce project.
Initially, I installed the certificate from Windows Explorer, chose it from the Store, and then from the drop-down list below, only to get
An attempt was made to reference a token that does not exist
The error does not go away after a delete / repeat cycle. It only works with my personally created PFX files (obviously, not good for deployment).
I then tried exporting, uninstalling, then installing using command line, namely
certutil -importPFX -user <name.pfx> AT_SIGNATURE
But the problem persisted. At some point it started working, but then I got the
Cannot import the following key file: companyname.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_3E185446540E7F7A
Running
sn -i <certificate.pfx> VS_KEY_XXXXXXX
Does not change anything.
I feel really lost here and would highly appreciate any help.

Related

Visual Studio certificate error "the manifest designer could not import the certificate": What is the reason?

I am currently developing a WinUI 3 application, but I believe the details of the application type are not that important for the question I have.
The application comes with a "Package project" for publishing the application using MSIX:
In the editor for the "Package.appxmanifest" file in the package project there is a "Packaging" tab that has a "Choose certificate" button for selecting a ".pfx" certificate file.
How I obtained the ".pfx" file:
My IT department logged onto my machine while the application for the Windows certificate store was open. There we added a new "Code signing" certificate under "Own certificates", which is not issued by me, but by the IT department. They told me that this certificate should also be trusted by client machines when I publish applications signed with it, because it was issued by them and so it has a valid trust chain. Later I exported a pfx file based on that certificate, which I am trying to use now.
Now, upon selecting this .pfx file in Visual Studio on the 'Packaging' tab, I get this error message:
Unfortunately the "The manifest designer could not import the certificate" error message does not come with the exact reason what the problem is.
I am quite sure that my certificate has a valid date and also is made for "Code signing".
I already found out that there are other users wondering about how to fix the certificate if this message appears. But nobody seems to know how to get told about the exact problem.
Is there some way I can use Visual Studio or Powershell or some other tool to tell me what the exact problem is for the certificate when I select it in Visual Studio and this error appears? I would like to have more detailed information than "there is something wrong with the exported .pfx certificate" that I can give to my IT department.
I am aware that I can specify this setting in the project file of the packing project in order to stop the error from appearing:
<EnableSigningChecks>false</EnableSigningChecks>
But I would also be very interested to know what the exact problem is. Thank you.
Additional information:
To check the pfx certificate file, I also executed the "certutil" command (with the -v option) as indicated here: https://superuser.com/a/580698/543294 In the large text dump file I find an issuer that I also find in the list of Trusted Root Certification Authorities of the certificate management application.
Did you edit the Publisher attribute of the element in your Package.appxmanifest to match the Subject property of the certificate?
This should not generate the error above. In the worst case, it could let you build the package and then fail to install it due to this mismatch, or it could fail to build the package.
What I suspect is that IT gave you a code signing certificate that they generated (instead of buying it from a certified vendor). This is perfectly fine if you plan to deploy your application only internally, inside your company, as they can deploy that certificate to all other machines from the company, so those machines trust it.
However, if the certificate was indeed generated by IT, and they haven't deployed it to your machine yet, VS might see that this is not a trusted certificate and could give this error.
You can check if the certificate is trusted by opening certmgr console and searching for the certificate in the Trusted Root Certification Authorities hive.
If it is not there, double click the PFX file and follow the wizard (from steps #4) to install it.
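One way to get the specifics the question asks for, as an added PowerShell example that is not part of the original posts: it loads the PFX with the .NET X509Certificate2 and X509Chain classes and reports the private key, validity period, Enhanced Key Usage and chain status. The script name Test-Pfx.ps1 and the $PfxPath parameter are hypothetical, and which of these checks Visual Studio itself performs is an assumption.

```powershell
# Added example, not from the original posts. Test-Pfx.ps1 and $PfxPath are
# hypothetical names; run as: .\Test-Pfx.ps1 -PfxPath .\name.pfx
param([Parameter(Mandatory)][string]$PfxPath)

$ns  = 'System.Security.Cryptography.X509Certificates'
$pw  = Read-Host -AsSecureString 'PFX password'
$now = Get-Date

# A wrong password or a damaged file throws here, which is already an answer.
$cert = New-Object "$ns.X509Certificate2" -ArgumentList (Resolve-Path $PfxPath).Path, $pw

# Enhanced Key Usage values; code signing is OID 1.3.6.1.5.5.7.3.3.
$ekuOids = @($cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value })

# Build the chain against this user's and this machine's certificate stores.
# The default policy also checks revocation online, so a blocked CRL/OCSP
# endpoint shows up as a status line below.
$chain   = New-Object "$ns.X509Chain"
$chainOk = $chain.Build($cert)

[pscustomobject]@{
    Subject        = $cert.Subject        # compare with Publisher in Package.appxmanifest
    Issuer         = $cert.Issuer
    Thumbprint     = $cert.Thumbprint
    HasPrivateKey  = $cert.HasPrivateKey  # False: the export did not include the key
    NotBefore      = $cert.NotBefore
    NotAfter       = $cert.NotAfter
    ValidNow       = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    CodeSigningEku = ($ekuOids -contains '1.3.6.1.5.5.7.3.3')
    ChainTrusted   = $chainOk
} | Format-List

# One line per chain problem (for example UntrustedRoot or NotTimeValid).
$chain.ChainStatus | ForEach-Object {
    '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim()
}

# The chain as resolved on this machine, leaf first.
$chain.ChainElements | ForEach-Object { $_.Certificate.Subject }
```

The Status values printed for a failed chain are the detail to pass on to the IT department.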

TeamCity LocalService PFX Assembly Signing - Where to Install the Certificate

I've been looking around on this problem and whilst I've found a few "solutions" it seems that a lot of these "solutions" are stumbled upon or cannot adequately explain what really worked.
I've tried a number of the solutions but I'm still having issues.
I've created a .PFX within Visual Studio. TeamCity and the Build Agent are all on my local development machine so there isn't any other PC involved in my situation.
When TeamCity tries to build this project I get an error:
error MSB3325: Cannot import the following key file: name.pfx. The key
file may be password protected. To correct this, try to import the
certificate again or manually install the certificate to the Strong
Name CSP with the following key container name:
VS_KEY_6E76201C7E991E97
Everything is running under Local System Account both Team City Server and the TeamCity Build Agent.
So where do I install the certificate? I've opened MMC.exe and imported it into a number of "obvious places" such as the Local Computer Certificate Snap-In. I tried importing it into the Personal and Trusted CA roots but neither of those worked.
So where on earth do you put it?
My solution to this was to create a new user account and import the pfx file under that user account. Then configure the TeamCity build agent on the machine to use that user as its logon. For more steps on changing the credentials the build agent uses, see this post
Certificate is installed as a MSCP container (so it's not installed as a normal certificate).
Standard way is to use sn.exe but you can also use SnInstallPfx.exe
For more information, see the following blog article.

WinRT App's package family has more than one package installed.

When I go to debug our app I get the following error message
Microsoft Visual Studio
Unable to activate Windows Store app 'xxxx'. The activation request
failed with error 'This app's package family has more than one package
installed. This is not supported'. See help for advice on
troubleshooting the issue.
OK Help
When I dig out the event log I found this error.
The app xxx App's package family (xxxx) has more than one package installed. This is not supported, so the app was not activated for the Windows.Launch contract.
In order to find out what other packages are installed I run the following PS script:
Get-AppxPackage -all
Looking at the output from the previous script I only see the one package that is installed from the visual studio location. I uninstalled the app from the start menu and run the script again and there is nothing installed.
The app is signed so I can’t change the package family name.
I have followed the steps in https://stackoverflow.com/a/14340075/127067 and I still can’t run our app from VS or from the installed package.
How do I find the other errant package family name? Dig through the registry?
What are some steps I can follow in order to run the app again?
Hard to guess how you did that. Double-click the Package.appxmanifest file in your project. Select the Packaging tab, you'll see the Package family name for your app. It is made up from the package name, a guid, and a hash of your publisher name. The guid is supposed to make it unique, make sure you didn't change it.
Installed Store apps are recorded in the HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families registry key. Compare the entries with yours, a match will be a problem. Do try to get it uninstalled as normal before you start hacking the keys.
I also faced the same problem while I am developing a Windows App and trying to debug the same on my development machine.
So from the error message itself, it's clear that there is already an app installed on your app and installer cannot continue further because of that.
And from the above post, you get an idea of what is happening inside our system and installer.
The first time, I fixed the same problem by cleaning the registry and clearing the registry entry for that particular app. You need to be more mindful while doing the same.
But the second time, I faced the problem again.
The actual question is why this is happening, at least on my machine.
When we try to create an app package (Project->Store->Create App Packages), we may change the package Version. This is the place where we are somehow creating that error.
Let's say I already have the app installed on my machine from the debugger with Version 1.0.0.1, and the second time we are creating the app with version 1.0.0.2. Now, after creating an app we launch the Windows App Certification Kit tool for verification of our app and it will fail (in my case). And if I want to debug the Windows app, it will show the above error.
To solve this problem, what I did was, created the app package with the same version which is already installed on my machine and then tried to launch the debugger and that worked.
So this is my solution for this error. There may be some other way to solve this problem other than this and above mentioned solution.
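A read-only way to compare the two views discussed in this thread, as an added PowerShell example that is not part of the original posts: it lists every package registered under one package family for all users, then lists the subkeys under the Families registry key named above. The $Family parameter is a placeholder, and treating those subkeys as package full names is an assumption.

```powershell
# Added example, not from the original posts. $Family is a placeholder: paste
# the Package family name shown on the manifest's Packaging tab.
# Run from an elevated prompt so -AllUsers can see other users' packages.
param([Parameter(Mandatory)][string]$Family)

# View 1: packages the deployment service reports for this family.
$pkgs = @(Get-AppxPackage -AllUsers |
    Where-Object { $_.PackageFamilyName -eq $Family })

$pkgs | Select-Object PackageFullName, Version, Architecture,
    IsDevelopmentMode, InstallLocation,
    @{ n = 'Users'; e = { ($_.PackageUserInformation |
        ForEach-Object { "$_" }) -join '; ' } } |
    Format-List

# View 2: subkeys under the registry key from the answer above (listing only,
# nothing is modified).
$root = 'Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\' +
        'Windows\CurrentVersion\AppModel\Repository\Families'
$key  = "$root\$Family"

$regNames = @()
if (Test-Path -LiteralPath $key) {
    $regNames = @(Get-ChildItem -LiteralPath $key |
        ForEach-Object { $_.PSChildName })
}
'Registry entries under the family key:'
$regNames

# Assumption: each subkey is a package full name. Names that appear in the
# registry but not in View 1 are the candidates for a leftover registration.
$known   = @($pkgs | ForEach-Object { $_.PackageFullName })
$orphans = @($regNames | Where-Object { $known -notcontains $_ })
'Registry entries with no matching package: {0}' -f $orphans.Count
$orphans
```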

strong name key corrupt or unreadable

On an infrequent random interval, some projects in a solution won't build anymore. Probably because of the strong named key file being corrupt or lost,
resulting in the following errors when building the project:
Error 1 Metadata file 'D:\CasparKleijne.Toolkit\CasparKleijne.Toolkit\bin\Debug\CasparKleijne.Toolkit.dll' could not be found CasparKleijne.Toolkit.Reporting
Error 2 Cannot import the following key file: CasparKleijne.Toolkit.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_11D604D4C94AB54 CasparKleijne.Toolkit
Error 3 Importing key file "CasparKleijne.Toolkit.pfx" was canceled. CasparKleijne.Toolkit
(assembly names are changed for some privacy reasons)
But the file is at the exact same location where it was, but I cannot import it anymore. I have to create a new one and all works fine again.
How can a file be at the correct location but still not be found by vs2010? what is this mystery? How can I avoid this?
Wild guesses:
Check your build configuration and ensure that project is set to build. Make sure it is not getting switched.
Otherwise, in my experience, weird problems like that are usually due to Visual Studio caching things on its own.
There is no reliable way (or at least I haven't found yet) to detect what or where to look. I generally resort to a 'rinse-n-repeat' procedure:
Delete all obj/debug folders
Clear your temp directory
Close all VS instances and restart your IDE.
Do a rebuild
It's looking for a pfx file. I think that's a certificate file format. Maybe the certificate expired, or like the message said, it is password protected.

Visual Studio reporting error "PFX - Error Importing Key / Object already exists"

I have a Visual Studio 2008 ClickOnce solution that I am attempting to compile with "Sign Manifest" turned on.
With this option checked, I am prompted for my PFX files password, and upon entering the correct password I receive the error:
"Error Importing Key" / "Object already exists".
I'm sure I've hosed something. I've tried to run the following to no avail.
CERTUTIL -importPFX -user <pfxname>.pfx AT_SIGNATURE
I had the same problem. Starting Visual Studio with 'Run as Administrator' solved the issue.
I don't know if this will help for this problem, but I had something similar after a Vista to Windows 7 upgrade, and simply had to change permissions on the MachineKeys folder (C:\Documents and Settings\All Users\ApplicationData\Microsoft\Crypto\RSA\ in Windows 7)
See here:
Certificate problem - Error Importing Key "object already exists" after Windows 7 upgrade
Let me know if this was helpful :)
Another way I just discovered to fix this: Uncheck the "Sign the ClickOnce Manifests", exclude the cert file from the project in the Solution Explorer. Rename the cert file. Doesn't matter what, as long as it's different. Re-enable signing and choose the new file. Enter the password as requested. Build, yay!
Just wanted to add my own experience with this problem.
Mine came suddenly after doing a bunch of system-type changes... one of them being switching on Vista UAC to test the app I am working on.
Ran into this exact problem and it wouldn't compile. I'm freaking out...
... fixing the permissions on the ...\RSA\MachineKeys folder seems to have made the problem go away but looking at its permissions and noticing that devenv.exe (the VS IDE) was not told to "Run as Administrator" it is possible that this issue may be caused by UAC restrictions.
I hate the pseudo-admin mode in Vista....
I too am currently having difficulty with this. My situation is somewhat different to this in that I am attempting to generate a strong-name key file for my assembly
I haven't yet solved the issue but I believe it is caused because, for whatever reason the key already exists in the key store for the CSP used to generate the key. Why the key already exists, I don't know, nor have I found a way to remove it but I will update this question when I do
