In my setup, i have a Sectigo EV code signing token plugged into my local (windows) machine. From that machine, i log in over RDP to another (windows) maching (in azure). On both machines, i have the "SafeNet Client" Software installed.
On the remote machine, i do run builds in as part of these builds .exe files and DLLs get signed using the cert on the token. This worked flawlessly for the last couple of years.
Lately, i had to renew the code signing token and at the same time, also got a new development (local) machine.
Now when i try to sign (using the same code/batch jobs, etc. like before), the signing fails, because the cert cannot be found on the remote machine.
i do remember having done something "special" for the signing to work a couple of years ago, but i do not remember if this was something with rdp configuration, a domain policy, a firewall policy or some configuration of the sectigo token.
I already asked the Sectigo support and they deny this setup is possible at all, which is clearly not true.
Any ideas what i need to tweak in order to be able use my previous singning setup again?
It appears nothing special has to be done, it 'just works'. I don't know why it did not work for me initially. However, i did uninstall the SafeNet Software on both the local machine and the remote machine and reinstalled. (First on the local machine, where the token is plugged in and next on the remote machine.)
No problems after that. No idea what caused the initial problems.
I need to install a cert to allow a browser to talk to localhost via our app. The .pfx file created for this purpose works great when imported with the Windows 10 MMC tool. But that's a lot of steps to make our users do manually.
By following the steps in this answer (Install a pfx certificate in a users store in Windows using WiX), I can build an MSI and it runs on the target machine without errors.
However, the cert does not exist in the usual "Certificates - Local Computer" MMC tool, nor can the cert be bound to the app with netsh. After a bit of searching, it turns out the cert is installed "somewhere in IIS", and is only visible in the IIS tool (?!).
Using openssl, I converted the .pfx to a .pem file. When running the MSI, this DOES seem to install the cert to the proper place (?!). However, the cert is missing the private key, so it also can't be bound with netsh ('SSL Certificate add failed, Error 1312').
What on earth is going on, and how can I make Wix install the certificate properly?
Well, I guess I figured it out. I tried running the MSI on a virgin Windows 10 installation, and the .pfx file installed correctly and can be bound ok.
So, my guess is that "something" is checking the local computer to see if IIS is installed, and makes the decision to install the cert in a place that only IIS can see or use it. There's probably a lot more going on behind the scenes, but that's the gist of it.
In summary, use a .pfx file to get the private key, and remember that the installation will only work on computers without IIS installed.
My email address has changed and now I can't log into Visual Studio 2017.
The error is "We could not refresh the credentials for the account. Failed to refresh the access token".
How can I fix this?
This bug will be fixed in a future version.
For now:
Close down VS2017
Go to "C:\Users\{username}\AppData\Local\.IdentityService"
Rename "IdentityServiceAdalCache.cache" as shown below. (for example just add an underscore to it)
Restart VS2017 and log in.
NOTE: There are similar issues that this won't resolve, but this worked for me.
Open Visual Studio. Click Help, Send Feedback, Report a Problem...
This brings you to a login screen. If you log in from there, it will log you into Visual Studio.
What worked for me was to rename .identityservice and then restart VS and log in to your VSTS account. It then recreates a new .identityservice that it can access.
I tried by deleting only the IdentityServiceAdalCache.cache as in the accepted answer but it did not fix the problem.
For the record, I managed to fix it by deleting every files within the .IdentityService folder (located in C:\Users{username}\AppData\Local.IdentityService).
I have read dozens of posts on this topic discussing clearing out .IdentityService. I tried every variation of this solution that one might think of. None worked.
I ended up poking around and trying to manually login to my Microsoft account using Internet Explorer, but I could not connect to https://login.microsoftonline.com. I added the https://login.microsoftonline.com address to my Trusted Sites in Internet Options. Once I had done this, Visual Studio was able to connect to Microsoft and validate my account.
When an error occurs, Visual studio will log it's error messages in the following folder. Please check the logs located at
%Temp%\servicehub\logs
This can also be caused by network restrictions. Please disable your virus guard or firewall and check.
This issue can also be caused by running VS "As Administrator" and the administrator is a different user. Just some FYI.
None of these answers will resolve that issue unfortunately.
Very old thread but if someone is still having this issue, then try following in my footsteps:
I just deleted the entire .IdentityService folder, and launched visual studio again... It asks you to log in and works normally. (for me)
Make sure you can access https://login.microsoftonline.com
If your network is blocking that (perhaps to block Microsoft webmail), then the above solutions will not pertain to you. Either unrestrict access, or you will need some off-line version.
In case someone is still looking for an answer. What worked for me was checking that the AppData folder and Local folder were not on 'read only mode' in the path "C:\Users{username}\AppData\Local.IdentityService" and it just worked!
Check to make sure that your PC no limit(IP-Firewall) to Internet connection access.
Disable or turn off VPN
It happened to me when using an account that uses my organization's email-domain, and I guess it tried to verify it and it couldn't find it in their database, and as soon as I used an account with a onmicrosoft.com domain, it worked.
The interesting part is that it allowed me to create the Microsoft account with this organization email and I still use it for DevOps, and it just stopped me when signing in with Visual Studio, I don't understand why this difference is.
I hope this can help someone..
I have VS 2017 and had this exact issue. Simply deleting
C:\Users\{username}\AppData\Local.IdentityService did not work for me.
Follow the steps 1-2 below to see if you might have and identical cause of the problem, and the rest how to solved it if so.
Go to C:\Users\{user}\AppData\Local\Temp\servicehub\logs and open the latest error logs from VS.
IF you see "Retrieved tenant memberships, found '2' owned tenants", then follow the rest of the steps.
Go to azure portal then login under the username you are
trying to use.
The following steps may change by the time you read this, but you
want to get to step 6. Go to Manage Azure Directory.
Click "Switch Tenants"
I was linked to 2 tenants, one of which I did not need. This is what had been causing my issues. Select the useless tenants, and click "leave tenant".
Once this is completed, close all instances of VS.
Delete C:\Users\{username}\AppData\Local.IdentityService.
Open VS and login to your account.
I found the same behavior when using Administrator user.
Any other user can login and activate the license only for himself.
I don't think there is a way to activate for Administrator, which makes using this licensing awkward for usage in a shared resource (i.e. build server).
The one solution which worked for me was resetting the domain password and restarting the system.
I just wanted to share this because i was struggling with the same problem since 8 days tried everything on net and this worked.
Hope it helps someone :)
I updated Visual Studio with latest package and after rebooting my PC issue was solved. I was able to log-in
Opening VS as admin worked for me, none of the above did
I was getting this error from our proxy having restrictive rules in place, I was able to add the sites to a whitelist that were being blocked while trying to login.
Some of the sites I whitelisted in Webmarshal were:
*.windows.net
*.msocsp.com
*.ws.symantec.com
*.digicert.com
*.clicktale.net
app.vssps.visualstudio.com
demdex.net
For me it was due wrong system time, after setting correct time it got fixed automatically
I had the problem of not being able to sign in to VS after not using unity for a long time and then updating everything. The way I solved it was to open VS and then click help. This opened the sign in box with 'Personalization Account'. I clicked 'Account options' under the afore mentioned heading, and changed the 'Embedded web browser' to 'System web browser' in the right window. This enabled me to log in via my Edge browser and everything worked fine.
I just fixed it by changing folder to be public.
folder files: "C:\Users{username}\AppData\Local.IdentityService"
right click and choose property and uncheck the hidden and apply it.
If you are under a domain network there is a workaround (quick fix),
Adding or changing the following key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb
ProtectionPolicy = 1 (DWORD)
Check the most recent modified files at %temp%\servicehub\logs.
Check StorageUtilitiesSingleton-10788-lqnuymos-1.log
For an error like this: The computer must be trusted for delegation and the current user account must be configured to allow delegation.
If that is the case this might help you.
I has this issue recently.
Tried all the options above, none worked.
Get it sorted, after repairing Visual Studio, doing all the updates, restart and updated again, restart, another repair and bang! Worked like a charm.
Instead of doing all this, change embedded broswer to system browser so it will works normally in default browser and gets updated in VS.
In VS 2019 enabling System Web Browser instead of Embedded web browser fixed it for me,
Hope this helps someone
https://learn.microsoft.com/en-us/visualstudio/ide/work-with-multi-factor-authentication?view=vs-2019
I tried multiple things above such as
Renaming c:\users[user]\appdata\local.IdentityService
Logging directly in https://login.microsoftonline.com (noticed certificate issues)
Adding https://login.microsoftonline.com to the Trust Sites list in Internet Options
Opening VS as non-admin as well as admin
Reviewed the logs here: %Temp%\servicehub\logs
I also installed Chrome, setting it to the default browser, because many features were saying IE is no longer supported
Reviewing the logs gave me the clue I needed to solve my particular issue. The log stated there was an issue with SSL trust.
Consequently, I ran our local version of rootsupd.exe and installed any related Microsoft root certificates such as the DigiCert Global Root G2 to the Trusted Root Authorities. After rebooting my machine, I noticed VS began recognizing my account and was actually already signed in.
I am hoping someone can shed some light on this situation. I have a WEB API that I am running in IIS Express. I was using it with SSL enabled. I have a console application that calls it like so:
https://localhost:12345/api/Controller/Method/arg
This was working great up until today. All of a sudden the client throws an exception when trying to connect stating:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
I have gone through and made sure that the IIS Express Development Certificate is in place under personal certificates. I have also done a repair on IIS Express. I also do not get this problem if I put the URL into Internet Explorer. I have no problem connecting to the WEB API when I go over normal HTTP. What would make this seemingly start happening for no reason?
Misha Beskin's answer to this question resolved it for me. Still no idea what caused it to get messed up in the first place.
After spending a lot of time for me the solution was pretty simple
I just opened the Certmgr.msc ---> deleted the localhost certificate from the Trusted Root certification authorities.
Then opened my solution (after I had run the identity sever) clicked run the visual studio asked fro me if I want generate new certificate to iis express (ssl), I had clicked yes and then it started to work properly:)
I've installed a wildcard SSL certificate for two subdomains that I'm working on for an organization. This is the first time I've worked with wildcard certificates, and I missed installing the intermediate certificate when I first set this up, which resulted in certificate revocation messages when I first tried to load them. I've reloaded the certificates correctly, and both subdomains check out now using http://www.sslshopper.com/ssl-checker.html.
The sites appear to load fine everywhere except on the two machines (Mac Laptop & Vista Desktop) that I use to develop on, where they're still showing revoked. I've tried to refresh my local CRLs using the following commands:
certutil -setreg chain\ChainCacheResyncFiletime #now (Vista)
and
crlrefresh r p (mac)
I've restarted both computers and cleared browser caches but am still not able to access. How can I get my local machines to forget that the certificate was initially revoked?
I needed to ask the organization I'm working with to regenerate the certificate. I installed that one and everything's good to go now.