none
Error when installing new version of the plug-in with a new certificate RRS feed

  • Question

  • Hi,

    We have a plug-in that runs on Outlook 2016. Our plug-in is using VSTOInstaller.exe file to install new updates from the installation folder URL. Now, the certificate of our plug-in is about to expire, so we bought a new certificate and deployed a new version with the new certificate. 

    But during the installation of the new version with the new certificate, our plug-in have encountered a security error that is preventing it from updating to the new version, see error below:


    Exception: Customized functionality in this application will not work because it has not been granted trust. The certificate used to sign the deployment manifest is unknown, and the customization itself (Time Tracking System) is not on the inclusion list. Contact your administrator for further assistance.

    ************** Exception Text **************
    System.Security.SecurityException: Customized functionality in this application will not work because it has not been granted trust. The certificate used to sign the deployment manifest is unknown, and the customization itself (Time Tracking System) is not on the inclusion list. Contact your administrator for further assistance.
       at Microsoft.VisualStudio.Tools.Office.Runtime.OfficeAddInDeploymentManager.VerifyAddInTrust(ClickOnceAddInTrustEvidence evidence)
       at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.VerifySecurity(ActivationContext context, Uri manifest, AddInInstallationStatus installState)
       at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
    The Zone of the assembly that failed was:
    MyComputer


    After searching for a solution over the internet, I found this article: http://www.aivanoff.net/Blogs/Details/VSTOwithHSA256fail. 
    For short, changing the RSAKeyValue from the "HKEY_CURRENT_USER\Software\Microsoft\VSTO\Security\Inclusion" in the registry with the RSAKeyValue of the new certificate will fix the problem. I have tried this solution and it worked but this is not the kind of solution that we want to give to our users.

    I have also tried solution from the URL below, but it did not work:
    https://social.msdn.microsoft.com/Forums/vstudio/en-US/b1289353-91ab-4f3f-be20-6d65615441bd/security-trust-issue-only-on-some-client-machines-outlook-addin?forum=vsto

    Could someone please let me know an explanation about why this error occur? And is there any other way to fix it?

    Thanks,
    Ben
    Wednesday, May 10, 2017 10:34 AM

All replies

  • Hello Ben,

    If you install the new version in the computer which doesnt install old version, would you get the error?

    Do you uninstall the old version before installing the new version with new certificate? If you uninstall the old version and then reinstall the new version, would you get any error?

    According to Certificate Expiration in ClickOnce Deployment, we need to uninstall the old version and reinstall. To programmatically uninstall and install a new version, you could refer to the sample in the link above.

    As for the exception, i would suggest you visit Securing Office Solutions to see the check process when Office loads Office solutions.

    Regards,

    Celeste


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, May 11, 2017 5:30 AM
    Moderator
  • Hello Celeste,

    Regarding your questions:

    "If you install the new version in the computer which doesnt install old version, would you get the error?"

    No


    "Do you uninstall the old version before installing the new version with new certificate?"

    No, we don't uninstall the old version, we only apply the new updates from the new version with new certificate.


    "If you uninstall the old version and then reinstall the new version, would you get any error?"

    No, I don't get the error when I uninstall the old version and install new version.


    Thank you for the information, I will check that now.

    Ben
    Friday, May 12, 2017 7:31 AM
  • Hello,

    The test results show that we need to reinstall the application if we change the certificate as the document mentioned.

    Does the solution in the Certificate Expiration in ClickOnce Deployment work for you?

    If your issue has been resolved, I suggest you mark helpful post or we would do appreciate if you could share your solution here.

    Regards,

    Celeste


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, May 23, 2017 5:37 AM
    Moderator