SignTool unexepected internal error - authenticode

I am running SignTool with the following command:
signtool sign /f keyfile.pfx /p mypassword pathToMsiFile.msi
and i get the following error:
SignTool Error: An unexpected internal error has occurred. Error
information: "Error: Store::ImportCertObject() failed."
(-2146893792/0x80090020)
It worked just until a day ago, and i have no idea what might have changed...
Any ideas would be great, thanks!
I managed to fix it.
Apperantly the user was corrupted.
after fixing the user using this KB from microsoft everything became right again.

I had the same issue but only when I'm trying to sign it under IIS/PHP script. When I run PHP from the console it's OK. And here there were no issue with account. Only one thing helped me - changing Anonymous Authentication Credentials for Site/application from Specific USER to Application pool identity.

I managed to fix it. Apperantly the user was corrupted.
after fixing the user using this KB from microsoft everything became right again.

None of the suggested answers worked for me using Windows 2008 R2 and IIS 7.5. What did work was to change a setting for the application pool. Here is what works on IIS 7.5.
Select your application pool and click Advanced Settings
Under Process Model, change Identity to LocalSystem
This is the only thing that worked for me, hopefully it will help others down the road.

I'm not sure if setting your Application Pool to run as the LocalSystem is a good idea from the security standpoint. One way to fix this error is to enable Load User Profile in Advanced settings for the Application Pool. Don't ask how long it took me to find it out...
Here's more details.

I was also experiencing this error within a web application which was using an IIS web application pool with domain credentials, but the "Load User Profile" was set to false. Once I set it to true, signtool.exe worked without issues.

Related

Visual Studio 2017 - How to fix error: We could not refresh the credentials for the account

My email address has changed and now I can't log into Visual Studio 2017.
The error is "We could not refresh the credentials for the account. Failed to refresh the access token".
How can I fix this?
This bug will be fixed in a future version.
For now:
Close down VS2017
Go to "C:\Users\{username}\AppData\Local\.IdentityService"
Rename "IdentityServiceAdalCache.cache" as shown below. (for example just add an underscore to it)
Restart VS2017 and log in.
NOTE: There are similar issues that this won't resolve, but this worked for me.
Open Visual Studio. Click Help, Send Feedback, Report a Problem...
This brings you to a login screen. If you log in from there, it will log you into Visual Studio.
What worked for me was to rename .identityservice and then restart VS and log in to your VSTS account. It then recreates a new .identityservice that it can access.
I tried by deleting only the IdentityServiceAdalCache.cache as in the accepted answer but it did not fix the problem.
For the record, I managed to fix it by deleting every files within the .IdentityService folder (located in C:\Users{username}\AppData\Local.IdentityService).
I have read dozens of posts on this topic discussing clearing out .IdentityService. I tried every variation of this solution that one might think of. None worked.
I ended up poking around and trying to manually login to my Microsoft account using Internet Explorer, but I could not connect to https://login.microsoftonline.com. I added the https://login.microsoftonline.com address to my Trusted Sites in Internet Options. Once I had done this, Visual Studio was able to connect to Microsoft and validate my account.
When an error occurs, Visual studio will log it's error messages in the following folder. Please check the logs located at
%Temp%\servicehub\logs
This can also be caused by network restrictions. Please disable your virus guard or firewall and check.
This issue can also be caused by running VS "As Administrator" and the administrator is a different user. Just some FYI.
None of these answers will resolve that issue unfortunately.
Very old thread but if someone is still having this issue, then try following in my footsteps:
I just deleted the entire .IdentityService folder, and launched visual studio again... It asks you to log in and works normally. (for me)
Make sure you can access https://login.microsoftonline.com
If your network is blocking that (perhaps to block Microsoft webmail), then the above solutions will not pertain to you. Either unrestrict access, or you will need some off-line version.
In case someone is still looking for an answer. What worked for me was checking that the AppData folder and Local folder were not on 'read only mode' in the path "C:\Users{username}\AppData\Local.IdentityService" and it just worked!
Check to make sure that your PC no limit(IP-Firewall) to Internet connection access.
Disable or turn off VPN
It happened to me when using an account that uses my organization's email-domain, and I guess it tried to verify it and it couldn't find it in their database, and as soon as I used an account with a onmicrosoft.com domain, it worked.
The interesting part is that it allowed me to create the Microsoft account with this organization email and I still use it for DevOps, and it just stopped me when signing in with Visual Studio, I don't understand why this difference is.
I hope this can help someone..
I have VS 2017 and had this exact issue. Simply deleting
C:\Users\{username}\AppData\Local.IdentityService did not work for me.
Follow the steps 1-2 below to see if you might have and identical cause of the problem, and the rest how to solved it if so.
Go to C:\Users\{user}\AppData\Local\Temp\servicehub\logs and open the latest error logs from VS.
IF you see "Retrieved tenant memberships, found '2' owned tenants", then follow the rest of the steps.
Go to azure portal then login under the username you are
trying to use.
The following steps may change by the time you read this, but you
want to get to step 6. Go to Manage Azure Directory.
Click "Switch Tenants"
I was linked to 2 tenants, one of which I did not need. This is what had been causing my issues. Select the useless tenants, and click "leave tenant".
Once this is completed, close all instances of VS.
Delete C:\Users\{username}\AppData\Local.IdentityService.
Open VS and login to your account.
I found the same behavior when using Administrator user.
Any other user can login and activate the license only for himself.
I don't think there is a way to activate for Administrator, which makes using this licensing awkward for usage in a shared resource (i.e. build server).
The one solution which worked for me was resetting the domain password and restarting the system.
I just wanted to share this because i was struggling with the same problem since 8 days tried everything on net and this worked.
Hope it helps someone :)
I updated Visual Studio with latest package and after rebooting my PC issue was solved. I was able to log-in
Opening VS as admin worked for me, none of the above did
I was getting this error from our proxy having restrictive rules in place, I was able to add the sites to a whitelist that were being blocked while trying to login.
Some of the sites I whitelisted in Webmarshal were:
*.windows.net
*.msocsp.com
*.ws.symantec.com
*.digicert.com
*.clicktale.net
app.vssps.visualstudio.com
demdex.net
For me it was due wrong system time, after setting correct time it got fixed automatically
I had the problem of not being able to sign in to VS after not using unity for a long time and then updating everything. The way I solved it was to open VS and then click help. This opened the sign in box with 'Personalization Account'. I clicked 'Account options' under the afore mentioned heading, and changed the 'Embedded web browser' to 'System web browser' in the right window. This enabled me to log in via my Edge browser and everything worked fine.
I just fixed it by changing folder to be public.
folder files: "C:\Users{username}\AppData\Local.IdentityService"
right click and choose property and uncheck the hidden and apply it.
If you are under a domain network there is a workaround (quick fix),
Adding or changing the following key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb
ProtectionPolicy = 1 (DWORD)
Check the most recent modified files at %temp%\servicehub\logs.
Check StorageUtilitiesSingleton-10788-lqnuymos-1.log
For an error like this: The computer must be trusted for delegation and the current user account must be configured to allow delegation.
If that is the case this might help you.
I has this issue recently.
Tried all the options above, none worked.
Get it sorted, after repairing Visual Studio, doing all the updates, restart and updated again, restart, another repair and bang! Worked like a charm.
Instead of doing all this, change embedded broswer to system browser so it will works normally in default browser and gets updated in VS.
In VS 2019 enabling System Web Browser instead of Embedded web browser fixed it for me,
Hope this helps someone
https://learn.microsoft.com/en-us/visualstudio/ide/work-with-multi-factor-authentication?view=vs-2019
I tried multiple things above such as
Renaming c:\users[user]\appdata\local.IdentityService
Logging directly in https://login.microsoftonline.com (noticed certificate issues)
Adding https://login.microsoftonline.com to the Trust Sites list in Internet Options
Opening VS as non-admin as well as admin
Reviewed the logs here: %Temp%\servicehub\logs
I also installed Chrome, setting it to the default browser, because many features were saying IE is no longer supported
Reviewing the logs gave me the clue I needed to solve my particular issue. The log stated there was an issue with SSL trust.
Consequently, I ran our local version of rootsupd.exe and installed any related Microsoft root certificates such as the DigiCert Global Root G2 to the Trusted Root Authorities. After rebooting my machine, I noticed VS began recognizing my account and was actually already signed in.

Unable to publish Windows Phone 8.1 application from Visual Studio 2013 Express

When I click on Store Menu -> Associate App with the Store ... OR Create App Packages I got the following error:
An unexpected network error has occurred. The app list cannot be refreshed. Please retry by pressing the Refresh button.
Even I can't upload the appx files because it fails when checking the app identity and publisher ...
I appreciate your help
Thanks
Sam
We are facing the same issue. This thread here says something about large number of apps that could be the reason. We have only 3 apps on the list. So it doesn't really seem to be the reason. Its the same with both Windows Phone and the Store apps. Accessing dashboard in the browser seems to be unaffected.
Also, I tried different ISPs to rule out that reason.
There seems to be a store problem. I'm talking to Microsoft's support, trying to get a feedback for the service to be back up.
Update:
Microsoft seems to have fixed the issue, which really was on their side.
Please, try again, as it should be all ok now. I've tested and it is all working.
I was facing this issue for the last 2 days. It works fine now. It was probably due to the account migration(so not all user would have faced this issue) and unrelated to the count of apps.
Can you try again?
Thank you all, it seems to be working now, MS fixed the issue.

403 Forbidden running MVC3 from VS2010

I've recently had a name change to my PC and rebooted. Before this change, I could run my MVC3 project from VS2010 using IIS 7. After the name change I getting:
Http Error 403 Forbidden Version Information: ASP.NET Development Server 10.0.0.0
I realise this could be a number of things so I'll try, in detail, to describe what's going on.
IIS
My IIS reverted back to v6 so I loaded 7 and set my DefaultAppPool to use .NET v4.0.
Security has all permissions for my account.
Request Filtering has 'Allow unlisted file name extensions checked (another answer on SO)
I'm using FireFox 24.0
VS2010 hasn't changed as far as I'm aware.
I'm not very familiar with IIS which, seems to me, is my problem so please bear this in mind if you decide to help. I'll gladly provide more information if needed.
thanks,
Paul
Do you actually have IIS7 installed or are you using IIS Express or Cassini?
I'm pretty sure that you'll be able to get things going again if you use the aspnet_regiis command.
Navigate to your .Net folder and run the following command aspnet_regiis -i
This isn't the answer but rather a different question. The problem wasn't IIS, the problem is with FireFox. I changed the default browser to Chrome and my app runs as it should.
Simple answer - I changed windows authentication password which wasn't updated in firefox. I changed the password to be in sync and it solved the issue.

"We couldn't get your developer license for Windows 8", error 0xC03F1014

Whenever I try to get my developer's license in Windows 8 Professional with WMC for Visual Studio Ultimate with Blend, I get this error:
We couldn't get your developer license for Windows 8. (Error 0xC03F1014)
How do I fix this error to get my developer's license?
If your copy of Windows 8 is cracked or activated illegitimately then you'll get this error.
If for whatever reason you don't want to / can't get a legitimate copy, then deactivating the crack to go back to the trial period, acquiring the license then re-activating it should fix this issue.
Try to follow these steps:
Create a temporary user account in windows 8
Install a fresh copy of VS 2012
Now try again. It should work now, then log out again and go back to your normal account. Now develop apps and deploy it. Hopefully it works for you.
You need not re-install the OS or the Visual Studio
Start the Task Scheduler service. This is usually disabled in enterprises/large organizations via Group Policy.
This situation happened to me after installing Windows 8 Pro Upgrade as a CLEAN installation. The problem was that the valid License Key failed to activate because a previous version of windows was not upgraded. Because it wasn't activated properly, the Developer License would also not register.
The following steps enabled me to activate the clean install:
Run the registry editor (regedit)
Find the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE
Change the value for 'MediaBootInstall' from 1 to 0
Open an elevated command prompt (run as admin)
Run the following command: slmgr -rearm
Reboot
Open an elevated command prompt (run as admin)
Run the following command: slui 3
Activate your valid Window 8 Pro Upgrade License Key
After my Windows 8 was properly activated, the Developer License renewed with no problems!
I was facing same issue. Error was due to Proxy Server. I was using internet by setting proxy server. U should have open internet to get the developer license.
See these type off error occurred to me . The scenario was I was connected to a proxy server and my proxy server was not allowing popup logins .
Check your internet connection and If the problem is not solved, reinstall VS
Run Visual Studio 2012 as administrator. It should prompt you automatically for the license. I had to login to my MSDN account at this time. If it doesn't come up, then go to Project -> Store -> Acquire Developmer License. This is what did it for me.
I had the same issue, with the additional information that there was a problem with the network (even though my network was fine).
For me, the problem was that my own user is a limited/normal user and doesn't have administrator rights. I did get a UAC prompt when I tried to get a license and I elevated the process to use my separate administrator account, but it didn't work.
What did work however was logging out from my normal user, signing in as my administrator account and try to get a developer license that way.
So apparently running under a non-privileged user is not something that VS2013 appreciates in scenarios like this. I'm not sure why there is a difference between elevating a process' rights through UAC and actually logging in as an elevated user.
Make sure you have all Windows Updates installed. If you can't update:
Install KB2913270 (x86/x64) (original info by Ahmad Wahid, thanks :))
Other tips:
Check the system date and time (it must not be ahead on their systems)
Try to disable NlaSvc service (Network Location Awareness)

The Windows Process Activation Service failed to generate an application pool config file

I suddenly cannot start IIS anymore on my Windows 2008 R2 server. The depending "Windows Actication Service" does not start.
In the Event Viewer I can see the following message:
"The Windows Process Activation Service failed to generate an application pool config file"
I've checked all IIS config files for typo's, none can be found.
I've tried to remove the IIS role from the server, which results in an error.
I'm totally desperate here. I've looked on Google for several hours, but none of the suggestions I've found helped.
Something has messed up permissions and the user account under which WAS runs does not have permission to create its working files. Probably you installed a service pack or similar.
Rebuild the box and apply all service packs to Windows before you install WAS, and then let it update itself and then install your own stuff.
Rebuilding boxes is no fun and takes far too long. Learn to use virtualisation and undo disks.
If you have another working server, you can import IIS configuration from there via Shared Configuration. I was able to resolve this error by doing so.

Resources