none
Team Build Error when using Strong Naming

    Question

  • Hi I am getting the following error when trying to build my solution using Team Build. The projects are strong named an the key is in source control.
    Solution: MediaConnector.Client.Windows.sln, Project: MediaConnector.Domain.csproj, Compilation errors and warnings
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Common.targets(1718,7): error MSB4018: The "ResolveKeySource" task failed unexpectedly.
    System.InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.
       at Microsoft.Build.Shared.ExceptionHandling.RethrowUnlessFileIO(Exception e)
       at Microsoft.Build.Tasks.ResolveKeySource.ResolveAssemblyKey()
       at Microsoft.Build.Tasks.ResolveKeySource.Execute()
       at Microsoft.Build.BuildEngine.TaskEngine.ExecuteTask(ExecutionMode howToExecuteTask, Hashtable projectItemsAvailableToTask, BuildPropertyGroup projectPropertiesAvailableToTask, Boolean& taskClassWasFound)

    The error referes to this section of the Microsoft.Common.targets file:
          <ResolveKeySource
              KeyFile="$(AssemblyOriginatorKeyFile)"
              CertificateThumbprint="$(ManifestCertificateThumbprint)"
              CertificateFile="$(ManifestKeyFile)"
              SuppressAutoClosePasswordPrompt="$(BuildingInsideVisualStudio)"
              ShowImportDialogDespitePreviousFailures="$(BuildingProject)"
              ContinueOnError="!$(BuildingProject)"
              >

            <Output TaskParameter="ResolvedKeyFile" PropertyName="KeyOriginatorFile" Condition=" '$(SignAssembly)' == 'true' "/>
            <Output TaskParameter="ResolvedKeyContainer" PropertyName="KeyContainerName" Condition=" '$(SignAssembly)' == 'true' "/>
            <Output TaskParameter="ResolvedThumbprint" PropertyName="_DeploymentResolvedManifestCertificateThumbprint" Condition=" '$(SignManifests)' == 'true' "/>

          </ResolveKeySource
    >
    To me it looks like it is some problem with finding the key, but i am not sure where to go from here. If i check the application out to a clean directory it builds fine so i assume that everything is being referenced ok.

    Does anyone have any ideas as to what is going on here?

    Thanks,
    Derek
    Monday, November 07, 2005 7:07 AM

Answers

  • For password protected signing keys to work on build without prompting, they need to be exported into a key container crypto store on the build machine under the account that performs the build. Once exported, the build will not ask for a password anymore. The crypto store will do the signing and take care to keep private key safe.

     

    One of the quicker ways to do this:

    -          Logon to the build machine using the build service account

    -          Run msbuild on any project that uses this signing key. It will prompt for the password and will export the key.

    -          Now start the TeamBuild full build.


    There are some other workarounds that we are currently investigating. We will let you know if we find a better one. Please let me know if this did not solve your problem.

     

    Thank you.

    Tuesday, November 08, 2005 1:01 AM

All replies

  • Well I found that the error is because my key requires a password.
    I cannot figure out how to give msbuild that password however. If anyone has any pointers...
    Monday, November 07, 2005 8:57 PM
  • For password protected signing keys to work on build without prompting, they need to be exported into a key container crypto store on the build machine under the account that performs the build. Once exported, the build will not ask for a password anymore. The crypto store will do the signing and take care to keep private key safe.

     

    One of the quicker ways to do this:

    -          Logon to the build machine using the build service account

    -          Run msbuild on any project that uses this signing key. It will prompt for the password and will export the key.

    -          Now start the TeamBuild full build.


    There are some other workarounds that we are currently investigating. We will let you know if we find a better one. Please let me know if this did not solve your problem.

     

    Thank you.

    Tuesday, November 08, 2005 1:01 AM
  • Just the answer i was looking for.

    Thanks very much.
    Tuesday, November 08, 2005 4:40 AM
  • Nagaraju

    Did you come up with any other workarounds?

    Thanks,

    Paul

    Tuesday, September 19, 2006 6:08 AM
  • I am getting this same error from my build process, I'm running it in NAnt and not MSBuild and using SVN instead of Team Build (which I'm assuming is a repo, if not then I'm just using SVN).  My question is how do I log onto the server as SYSTEM because that is who is running the script when it's getting this error message?  I'd run the script as system I just don't know how I'd log onto the system as SYSTEM.

    Thanks,
    Ryan
    Saturday, May 19, 2007 3:41 PM
  • I also tried Nagaraju's workaround but still receive a prompt for a password everytime I run MSBUILD.  If I leave the settings to the project for the certificate and build from MSBUILD it does not error.  The certificate in the project is a test one for developers so I have to pass in the location of my companies certificate.  Then the prompts start showing up.  If I change the project to use the official one no password prompts but then the official certificate has to be installed on all the developers machines (not something I wish to do).  I am hoping there is another workaround to get it in the the crypto store Nagaruju refers to.
    Thursday, August 30, 2007 3:04 PM
  • Hi Nagaraju,
     
    this solution doesn't fit:
     
    Here my error message:
     
    C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.Common.targets(1782,7): error MSB4018: The "ResolveKeySource" task failed unexpectedly.
    System.InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.
       at System.Windows.Forms.Form.ShowDialog(IWin32Window owner)
       at System.Windows.Forms.Form.ShowDialog()
       at Microsoft.Build.Tasks.ResolveKeySource.ResolveAssemblyKey()
       at Microsoft.Build.Tasks.ResolveKeySource.Execute()
       at Microsoft.Build.BuildEngine.TaskEngine.ExecuteInstantiatedTask(EngineProxy engineProxy, ItemBucket bucket, TaskExecutionMode howToExecuteTask, ITask task, Boolean& taskResult)

    What have i done?
    I have logged on to the build machine using the build service account -> tfsservice.
    Run MSBuild on the project that uses this signing key.
    It has prompted for the password the first time -> ok
    A second build runs without prompting for the password -> ok
     
    But when i started TFSBuild in this environment (logged on as tfsservice!) i got the same error.
     
    Is there any other workaround or is this problem solved in future versions of tfs?
    It is possible to transfer the password during the buildprocess?
     
    Thanks,
    Juergen
     
     
     
     
     
     
     
     

     

    Thursday, September 20, 2007 7:59 AM
  • I've been seeing the same issue, and it appears that the workaround no longer works with the 2008 Beta 2 release of Team Build. I've already successfully applied this workaround on our 2005 installs, but it fails now (not to mention that the Network Service account is support).

    Thus, is there another workaround? Is there some way to provide more data to the ResolveKeySource task? I'm off to dig, but it'd be nice if somebody could answer Wink
    Monday, September 24, 2007 7:17 PM
  • I cheated. I logged into the server as the TFSSERVICE user, then set up to build just as a developer would (set a working folder, got the source, did a build in VS2005). It asked me for the strongname, I put it in and the build completed. Now when I run a build remotely through TeamBuild it's happy.

    Tuesday, May 20, 2008 11:27 AM
  • I've been struggling with this issue for days now. I had someone generate the pfx. We logged into the build server using the same account used by team build. We imported the pfx into that account's personal store, using the required password.

    I still get the build error mentioned.

    I logged into the machine and tried a simple experiment of signing the deployment manifest manually with mage. I got the error:

    Signtool reported an error 'A certificate chain could not be built to a trusted root authority.' 
    This error might appear in the error list during ClickOnce deployment. The problem is that the certificate has a "chain" or "root authority" that is not trusted on the user's computer. This typically occurs with moving certs/keys from computer to computer.
    To correct this error, install "root certificate" of the Certificate Authority (CA) that created it. Typically you can go to the CA vendor's website and download it again as needed.
    

    Next up ... I had someone add the root certificate (I barely understand what I'm talking about here) as a trusted root cert on that machine.

    He saw my existing command prompt with mage and was able to execute the command again. It succeeded this time, so we figured we were good to go.

    No dice. The build continues to fail on the modal dialog problem.

    Can anyone else think of a way to get this thing working? Could it have somethign to do with the "chain of authority"? Again, I barely know what I'm talking about on that topic, but it came up as an idea last night.

    Thank you.
    Friday, May 08, 2009 1:21 PM