none
Security Trust Issue only on some client machines (Outlook Addin)

    Question

  • Hello,

    We have developed an Addin for Outlook (targets both 2007 and 2010), with VS 2010, targeting 3.5 SP1 Framework, installing o2007pia and VSTO 4 on client machines. We use MSI for installation (NOT ClickOnce) and have a bunch of registry values added correctly at each setup.

     

    We have purchased an Authenticode Signature from VeriSign for our signing.

     

    Mostly our installations our successful, however on some client machines we get the following error (which contradicts with reality):

     

    Microsoft.VisualStudio.Tools.Applications.Deployment.InstallAddInCanceledException: The add-in installation was canceled. ---> Microsoft.VisualStudio.Tools.Applications.Deployment.InstallAddInFailedException: The add-in could not be installed. ---> System.Security.SecurityException: Customized functionality in this application will not work because it has not been granted trust. The certificate used to sign the deployment manifest is unknown, and the customization itself (i-View) is not on the inclusion list. Contact your administrator for further assistance.

    I will explain why in fact what it states is wrong.

    1.     The addin has a valid certificate which (just in case) on these problematic installations is installed in the certificate store and the trusted publishers. The addin itself is signed. So it does not make sense to perceive the addin as not trusted.

    2.     The addin is included in the Inclusion List when the user Accepts to install the addin the first time.

     

    In other words we are stuck with a problem having an error message that is not helpful. And we haven’t found anyone with something similar.

    Any sort of assistance would be highly appreciated

    Dennis Sourvanos

    Thursday, March 03, 2011 11:43 AM

Answers

  • Hello Bessie,

    Thank you for your reply.

    Let me start off by saying that this issue was resolved. I would like to point out to a few things, as these may become invaluable information for others.

    First of all, as I had suspected, the error message displayed had NOTHING whatsoever to do with the actual problem. As I had initially stated, the message contradicts with reality because the certificate was a known certificate to the OS and secondly the addin was indeed referenced in the inclusion list.

    The action I took to discover what was going wrong was that I turned on the extra logging for VSTO applications. This was done by introducing a new environment variable for the machine named VSTO_SUPPRESSDISPLAYALERTS with a value 0 (zero).

    The NEW message that displayed had nothing to do with code signing and certificates. It was an actual error of the application due to a missing registry key.

    Therefore, because of a mishandled set of coding in the addin we were erroneously receiving a loading failure pointing to inclusion lists and unidentified certificates.

    Boy, was that a total misdirection.

    Hope this helps others as well.

    • Proposed as answer by dsourvanos Tuesday, March 08, 2011 9:01 AM
    • Marked as answer by Bessie Zhao Wednesday, March 09, 2011 7:06 AM
    Tuesday, March 08, 2011 9:01 AM

All replies

  • Hello Dennis,

    Thanks for posting. For this issue, I think we could try to do more test to narrow down this issue. Are there any similarities between these machines where the installation is problematic? Such as version of OS, Office, Visual Studio, and Net Framework.

    You could create a simple Outlook addin using a temporary certificate for signing. By installing this add-in, see this issue also happens in machines above.

    Also here are some threads about a similar error. Hope they could help you, and give you some useful information.

    Troubleshooting Office Solution Security:
    http://msdn.microsoft.com/en-us/library/bb772087.aspx.

    Signed VSTO Word Plugin Published to Server Won't Install:
    http://social.msdn.microsoft.com/Forums/en-US/vsto/thread/44841131-58e7-4b8a-add2-a9cff869b82e.

    VSTO 3.0 Excel 2007 Intranet deployment problem:
    http://social.msdn.microsoft.com/Forums/en-US/vsto/thread/3a287499-106b-4a97-988f-ce0ec43abfa1

    If this post does not help you, just feel free to follow up. Have a nice day.


    Bessie Zhao [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, March 07, 2011 8:36 AM
  • Hello Bessie,

    Thank you for your reply.

    Let me start off by saying that this issue was resolved. I would like to point out to a few things, as these may become invaluable information for others.

    First of all, as I had suspected, the error message displayed had NOTHING whatsoever to do with the actual problem. As I had initially stated, the message contradicts with reality because the certificate was a known certificate to the OS and secondly the addin was indeed referenced in the inclusion list.

    The action I took to discover what was going wrong was that I turned on the extra logging for VSTO applications. This was done by introducing a new environment variable for the machine named VSTO_SUPPRESSDISPLAYALERTS with a value 0 (zero).

    The NEW message that displayed had nothing to do with code signing and certificates. It was an actual error of the application due to a missing registry key.

    Therefore, because of a mishandled set of coding in the addin we were erroneously receiving a loading failure pointing to inclusion lists and unidentified certificates.

    Boy, was that a total misdirection.

    Hope this helps others as well.

    • Proposed as answer by dsourvanos Tuesday, March 08, 2011 9:01 AM
    • Marked as answer by Bessie Zhao Wednesday, March 09, 2011 7:06 AM
    Tuesday, March 08, 2011 9:01 AM