locked
The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP RRS feed

  • Question

  • Hi

    We are using TFS 2015 Update 1.

    I am getting issue when user has signed dlls to be used which is working fine with their local workstation.

    But during build execution getting below error

    C:\Program Files (x86)\MSBuild\14.0\bin\amd64\Microsoft.Common.CurrentVersion.targets (2883, 0)
    Cannot import the following key file: Filename.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_XXXXXXXXXXX

    Not able to sure how to resolve this issue. I tried with login to build server with build service account and then used sn.exe

    sn -i filename.pfx <key>

    But still same error.


    Technical Project Manager cum Architect

    Friday, February 12, 2016 12:58 PM

Answers

  • Hi Manish,

    Thanks for your reply.

    I tested this scenario in my TFS 2015 Update 1 environment and it works fine. Below is my detailed steps(said my client account is user1, and build service account is user2):

    1. I logon my client using user1, add the mykey.pfx file(password is ab123456@!) to my project in VS 2015, then build this solution using VS 2015 locally, it works fine. Check-in this solution into my TFS 2015 team project Source Control.
    2. Queue a build definition to build this solution, it failed with this error: C:\Program Files (x86)\MSBuild\14.0\bin\amd64\Microsoft.Common.CurrentVersion.targets (2883, 0) Cannot import the following key file: mykey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_732E2E546C0D8E11
    3. Logon build agent machine using user2, open Developer Command Prompt for VS 2015 and cd to …\src\solutionname\projectname folder, then run sn -i mykey.pfx VS_KEY_732E2E546C0D8E11 and type ab123456@! password, after it imported completely, close this Developer Command Prompt for VS 2015.
    4. Queue build definition again, it builds fine this time.

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, February 17, 2016 7:56 AM
    Moderator

All replies

  • Hi Manish,     

    Thanks for your post.

    You’re using XAML build definition or vnext build definition to run this build? You should ensure you can find that dll on your build agent machine first.

    According the error message, it seems your current TFS Build Service account has no required permission to access that .pfx on build agent machine. When we build solution using Team Build, Team Build(TFS Build Service account) will mapping the solution files from TFS Source Control to build agent machine, then build the solution using MSBuild on build agent machine, so you need ensure your solution can be built using MSBuild(run 14.0 version of MSBuild command using TFS Build Service account) on build agent machine manually.

    How did that user deploy the signed dll to his client? Please logon your build agent machine using your current Build Service account, then run the same deploy steps to import the .pfx file on build agent machine using Build Service account, after import completely, manually run 14.0 MSBuild command to build the same solution under src folder, ensure it works fine. Then try run your build definition again.       


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, February 15, 2016 5:58 AM
    Moderator
  • Hello John,

    Thanks for your reply.

    We are using XAML build definition. .pfx files are in src folder itself, so build service account has access to it.

    OK, i will follow the steps mentioned by you and will get back.


    Technical Project Manager cum Architect

    Monday, February 15, 2016 6:19 AM
  • Hello John,

    Project is not using any extra steps to deploy on client.

    Usually, they follow below steps

    • Open Project property page
    • Go to Signing tab, add snk file and 
    • click change password

    That's it. so compiled dlls are signed and deployed on client.

    Now in case of TFS, compilation is done on build server and every time build process cleanup and regenerate source folder, so all these information is there in csproj file.

    So i am wondering what i am missing here?


    Technical Project Manager cum Architect

    Monday, February 15, 2016 11:33 AM
  • Hi Manish,

    Thanks for your reply.

    How did you execute that sn command on your build agent machine? please check and compare below steps:

    1. Logon build agent machine using your current build service account.
    2. Open Developer Command Prompt for VS 2015 and cd to that .pfx existed location(…\src).
    3. Execute sn –i filename.pfx VS_KEY_XXXX command, ensure this command run successfully.

    Add your build service account to be the admin user on your build agent machine before you run above command line.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Tuesday, February 16, 2016 3:08 AM
    Moderator
  • Hello John,

    Thanks for your reply.

    Yes, we followed same steps as you mentioned. We got password prompt and provided the given password.

    And one more thing, after execution of sn command, when we execute build we get error but now this time with different VS_KEY_XXX, its normal?

    Apart from this, recreation of files & folder within (...\src) folder is not an issue i think.

    Is it possible to execute this scenario at your side?

    do we need to modify anything in build process template? I don't think so but not sure


    Technical Project Manager cum Architect

    Tuesday, February 16, 2016 12:48 PM
  • Hi Manish,

    Thanks for your reply.

    I tested this scenario in my TFS 2015 Update 1 environment and it works fine. Below is my detailed steps(said my client account is user1, and build service account is user2):

    1. I logon my client using user1, add the mykey.pfx file(password is ab123456@!) to my project in VS 2015, then build this solution using VS 2015 locally, it works fine. Check-in this solution into my TFS 2015 team project Source Control.
    2. Queue a build definition to build this solution, it failed with this error: C:\Program Files (x86)\MSBuild\14.0\bin\amd64\Microsoft.Common.CurrentVersion.targets (2883, 0) Cannot import the following key file: mykey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_732E2E546C0D8E11
    3. Logon build agent machine using user2, open Developer Command Prompt for VS 2015 and cd to …\src\solutionname\projectname folder, then run sn -i mykey.pfx VS_KEY_732E2E546C0D8E11 and type ab123456@! password, after it imported completely, close this Developer Command Prompt for VS 2015.
    4. Queue build definition again, it builds fine this time.

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, February 17, 2016 7:56 AM
    Moderator
  • Even this suggestion worked for me. Thanks.

    Akshay Shaha


    Monday, July 17, 2017 3:46 PM