Question

david[SDT] on Thu, 05 Apr 2018 12:59:09


Hi,

I can't manage to sign my msi setup file with my new EV Code Signing certificate.

I always get this error: "SignerSign() failed." (-2147024885/0x8007000b).

Using the same command, I can successfully sign my exe files and dlls.

Thanks in advance for your help.




Replies

Mattew Wu on Fri, 06 Apr 2018 08:02:15


Hello,

According to the error code, you need to find more specific error info in the event log:

1. Run Eventvwr.msc.
2. Open the event log: Event Viewer (Local) > Applications and Services Logs > Microsoft > Windows > AppxPackagingOM > Microsoft-Windows-AppxPackaging/Operational
3. Look for the most recent error event.

To know more details about the event ID, you could refer to How to sign an app package using SignTool.

Best regards,

Mattew Wu

david[SDT] on Fri, 06 Apr 2018 08:17:24


Hi,

I've already checked those logs and there is no error.

However, I've just noticed I'm using signtool from the SDK 8.1 and noticed there is an SDK 10 :-D

It's installing, I'll try with it to see what happens.

david[SDT] on Fri, 06 Apr 2018 11:20:05


Using the latest SDK it works sometimes.

Very weird: using the same command, sometimes it works and most of the time it doesn't sign.

Here are some attempts:

C:\Release>"C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86\signtool.exe" sign /tr http://timestamp.comodoca.com/authenticode?td=256 /fd sha256 /a "Setup.msi"
Done Adding Additional Store
Successfully signed: Setup.msi

C:\Release>"C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86\signtool.exe" sign /tr http://timestamp.comodoca.com/authenticode?td=256 /fd sha256 /a "Setup.msi"
Done Adding Additional Store
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

C:\Release>"C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86\signtool.exe" sign /tr http://timestamp.comodoca.com/authenticode?td=256 /fd sha256 /a "Setup.msi"
Done Adding Additional Store
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2146885630/0x80092002)

david[SDT] on Fri, 06 Apr 2018 12:46:03


The msi files I'm trying to sign are built by Visual Studio 2015, using the extension Visual Studio Installer Projects.

The application properties are set as "Create application without a manifest".

There is not any manifest file created by me.

The Author and Manufacturer properties of the setup project correctly match the CN value of the Subject field of my EV certificate.

I can always successfully sign exe files and dll files, but it only randomly succeeds in signing my msi files.

I spent half a day with the technical support of the company who sold me the EV certificate; they told me it seems there is a problem with the signtool program or the Microsoft SDK.

Please help me to get a stable behavior.

david[SDT] on Mon, 09 Apr 2018 12:26:50


I tried to sign the same files using the same certificate and the same command in a Windows 10 VM (same build),

and I can always successfully sign, for all attempts.

What could be the cause on my host to not have such normal behavior?

What could be the solution to solve this?

david[SDT] on Mon, 09 Apr 2018 12:35:49


Have just found the cause: my antivirus Trend Micro Worry Free Advanced is the problem.

When I deactivate it, I can sign without any problem and it is much faster to sign.

Now I have to find which part I have to set an exception for in the antivirus.

The strange thing is that I never had any problem signing with my Authenticode certificate,

but here with an EV Code Signing certificate my antivirus blocks something...
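
The intermittent failures in this thread are the kind a release pipeline should fail closed on. The following is an added example, not part of the original posts: a PowerShell wrapper that runs the same signtool command shown above, names the two HRESULTs seen in the thread, and accepts the file only if the embedded signature verifies afterwards. The function name, retry count and delay are assumptions.

```powershell
# Added example, not from the thread. The signtool path and timestamp URL are the
# ones shown in the posts; Invoke-VerifiedSign and its defaults are hypothetical.
$SignTool     = 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86\signtool.exe'
$TimestampUrl = 'http://timestamp.comodoca.com/authenticode?td=256'

# HRESULTs reported in the thread, with their standard Windows names.
$KnownErrors = @{
    '0x8007000b' = 'ERROR_BAD_FORMAT (Win32 error 11 wrapped as an HRESULT)'
    '0x80092002' = 'CRYPT_E_BAD_ENCODE'
}

function Invoke-VerifiedSign {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$MaxAttempts  = 3,   # assumption: a few retries for transient failures
        [int]$DelaySeconds = 5
    )
    for ($i = 1; $i -le $MaxAttempts; $i++) {
        $output = & $SignTool sign /tr $TimestampUrl /fd sha256 /a $Path 2>&1 | Out-String
        if ($LASTEXITCODE -eq 0) {
            # Do not rely on the exit code alone: re-read the file and check the signature.
            $sig = Get-AuthenticodeSignature -FilePath $Path
            if ($sig.Status -eq 'Valid' -and $sig.TimeStamperCertificate) {
                return $sig
            }
            Write-Warning "Attempt ${i}: signtool exited 0 but signature status is $($sig.Status)"
        }
        elseif ($output -match '\((-?\d+)/(0x[0-9a-fA-F]{8})\)') {
            # Pull the "(decimal/hex)" pair out of the SignerSign() error line.
            $hr   = $Matches[2].ToLower()
            $name = $KnownErrors[$hr]
            if (-not $name) { $name = 'unrecognised HRESULT' }
            Write-Warning "Attempt ${i}: SignerSign() failed with $hr = $name"
        }
        else {
            Write-Warning "Attempt ${i}: signtool exited with code $LASTEXITCODE"
        }
        Start-Sleep -Seconds $DelaySeconds
    }
    # Fail closed so an unsigned or half-signed MSI never leaves the build.
    throw "Signing '$Path' did not produce a valid, timestamped signature after $MaxAttempts attempts."
}

# Usage (file name from the thread):
# Invoke-VerifiedSign -Path 'C:\Release\Setup.msi'
```

Retrying only hides the symptom; if the warnings show the error codes alternating as they do in the thread, look for on-access scanning of the file being signed, which is what the original poster found.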