4

I'm using signtool to sign my C# assemblies. Everything worked fine until the Windows 10 1803 update. Now, as soon as I restart the computer, or even after suspending the computer, I get the error: No certificates were found that met all the given criteria.

If I import the certificate again, everything works fine until the next restart...

I tried to import the certificate into different folders of the Windows Certificate Store, I imported it for the current user or for the computer, I deleted it in all folders before the reimport... but the problem is always the same.

Any hints would be great!

Markus
  • I'm having a similar issue on my build server, after the 1803 update. It started similar to yours, with the "No certificates were found..." error. When I started investigating, the problem suddenly disappeared (I didn't do anything that would've fixed it). But now, signtool fails sporadically. One of our builds has some 30+ dlls that are each signed and signtool fails with an "internal error occurred" on a random component. Still looking for the solution. – pvenky Jun 13 '18 at 19:05
  • @pvenky - just an idea - if you build in parallel, this could cause the problem. I switched all my TFS builds to not build in parallel and this solved all of my random build problems. – Markus Jun 14 '18 at 11:33
  • I'm not building in parallel and I still see sporadic failures. It always fails with this message: `EXEC : error information: "Error: SignerSign() failed." (-1073700864/0xc000a000)` but it fails on a different project each time. – pvenky Jun 21 '18 at 19:16

2 Answers

4

Here is a hint. Run signtool with the /debug option. When I manually run it from the command prompt, I get the same error (No certificates were found) if I am not running command prompt as administrator. With the /debug option, you'll see all the certificates it matches and how it filters down to select the certificate to sign. My certificate gets eliminated at the last step (Private Key filter). If this is the case with you, try running with elevated permissions and see if that works.

In my case, for some reason, the VSTS build agent Windows service which runs the builds was not running after the 1803 update and I had manually started up the agent. This is why I was getting that error. Once I realized the service was down and I started it up as a service, the error went away.

pvenky
  • Actually I came back to my question because the problem suddenly disappeared over the weekend. Even without installing any updates. But I will keep this /debug option in mind! – Markus Jun 14 '18 at 11:36
0

I had to use the cert manager MMC to give the computer account of the build server rights to the cert's private key.

Dbloom
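Both answers come down to whether the account that runs signtool can open the certificate's private key. The script below is an added example, not code from either poster: it lists the certificates in the personal stores that carry the Code Signing EKU and reports whether the current account can open each key and who has rights on the key file. It assumes RSA keys stored as software keys in the standard Windows key directories; the helper names `Test-CodeSigningEku` and `Get-KeyFileName` are hypothetical.

```powershell
# Added example, not from the thread. Run it as the account that runs signtool
# (for example the build agent's service account) to see which keys that account can open.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # Code Signing enhanced key usage
$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$keyDirs = @(                            # standard locations of software key files
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",   # machine keys, legacy CSP
    "$env:ProgramData\Microsoft\Crypto\Keys",              # machine keys, CNG
    "$env:APPDATA\Microsoft\Crypto\RSA\$sid",              # user keys, legacy CSP
    "$env:APPDATA\Microsoft\Crypto\Keys"                   # user keys, CNG
)

function Test-CodeSigningEku {           # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            return [bool]($ext.EnhancedKeyUsages | Where-Object { $_.Value -eq $codeSigningOid })
        }
    }
    return $false                        # certificates without an explicit EKU are skipped
}

function Get-KeyFileName {               # hypothetical helper name; RSA keys only (assumption)
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Opening the key throws when it is missing or this account may not read it.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($null -eq $rsa) { return $null }
    if ($rsa -is [System.Security.Cryptography.RSACng]) { return $rsa.Key.UniqueName }
    return $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

$report = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    foreach ($cert in Get-ChildItem -Path $store) {
        if (-not (Test-CodeSigningEku $cert)) { continue }
        $row = [ordered]@{ Store = $store; Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
                           HasPrivateKey = $cert.HasPrivateKey; KeyOpens = $false; KeyFileAccess = '' }
        try {
            $name = Get-KeyFileName $cert
            if ($name) {
                $row.KeyOpens = $true
                $file = $keyDirs | ForEach-Object { Join-Path $_ $name } | Where-Object { Test-Path $_ } | Select-Object -First 1
                if ($file) {             # no file is found for keys held on a token or HSM
                    $row.KeyFileAccess = ((Get-Acl -Path $file -ErrorAction Stop).Access |
                        ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
                }
            }
        } catch { $row.KeyFileAccess = "cannot open key: $($_.Exception.Message)" }
        [pscustomobject]$row
    }
}
$report | Format-List
```

A certificate that shows `HasPrivateKey` as True while `KeyOpens` is False, or whose `KeyFileAccess` does not list the signing account, points at the key permissions rather than at the certificate import. Grant that one account read access to the key rather than running every build elevated.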