none
VSTO Excel Addin Installation fails with certificate error RRS feed

  • Question

  • I have created Several Excel Addins

    I use a test certificate and have not had any issued installing on other computers. (until now)

    A user is trying to install another of my addins, and now receives this error (with no options to trust)

    I wonder if this is a windows update issue.

    I have an up to date windows 10 machine and it has no issues installing.

    Thanks

    Adam

    This is the error I am now receiving on a machine that has previous installs of my code.

    ************** Exception Text **************
    System.Security.SecurityException: Customized functionality in this
    application will not work because the certificate used to sign the
    deployment manifest for Rev Navigator64 or its location is not trusted.
    Contact your administrator for further assistance.
       at
    Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustPromptKeyInternal
    (ClickOnceTrustPromptKeyValue promptKeyValue,
    DeploymentSignatureInformation signatureInformation, String productName,
    TrustStatus status)
       at
    Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustUsingPromptKey
    (Uri manifest, DeploymentSignatureInformation signatureInformation, String
    productName, TrustStatus status)
       at
    Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.ProcessSHA2Manifest
    (ActivationContext context, DeploymentSignatureInformation
    signatureInformation, PermissionSet permissionsRequested, Uri manifest,
    ManifestSignatureInformationCollection signatures, AddInInstallationStatus
    installState, TrustStatus sha256TrustStatus, X509Certificate2
    sha256PublisherCert)
       at
    Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.VerifySecurity
    (ActivationContext context, Uri manifest, AddInInstallationStatus
    installState)
       at
    Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn
    ()
    The Zone of the assembly that failed was:
    MyComputer


    Adam

    Friday, November 11, 2016 9:16 PM

Answers

  • I thought I would share, as nothing we read gave this as a solution, or correctly identified the culprit.
     
              The issue arose because of delivering the install code via the internet.  When the file get’s downloaded it gets scanned by windows and flagged as a “installation” code/file.
     
              This triggers the certificate process.
     
              I encrypt / password protect the install code, so windows can’t scan it. The user then unzips (with password), and installs.
     
              The new process does not flag our install code as “sourced” from the internet.
     
    Adam

    Adam

    • Marked as answer by AuroraMan1 Tuesday, January 31, 2017 4:32 PM
    Tuesday, January 31, 2017 4:32 PM

All replies

  • Hi Adam,

    >>A user is trying to install another of my addins, and now receives this error (with no options to trust)

    Do you mean there is no options for you to trust this installation? Do you use the same publish options for these add-ins while you develop in VS? 

    For this error, have you installed the certificate under Trusted Root Certification Authorities Store?

    Did you install from Network File Shares? I suggest you try to copy your publish folder to local disk, and then install it again.

    I suggest you refer below link,

    # Solutions Cannot Be Installed from Network File Shares or Web Locations when Internet Explorer Enhanced Security Configuration or Internet Explorer 7 Is Installed

    https://msdn.microsoft.com/en-us/library/bb772087.aspx

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, November 14, 2016 5:26 AM
    Moderator
  • "Do you mean there is no options for you to trust this installation? Do you use the same publish options for these add-ins while you develop in VS? "

    Yes, That is correct, the issue is we the user is not getting the "trust prompt"

    Thanks

    Adam


    Adam

    Sunday, December 4, 2016 10:41 PM
  • Hi Adam,

    Did the above link work for you?

    If you uninstall all of your add-ins, and re-install them again, will you get any prompt?

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, December 5, 2016 8:13 AM
    Moderator
  • Edward, We did not want to uninstall addins that are working, and risk them not working.

                  We will try the settings in internet explorer. We are on Windows 10.

    Adam


    Adam

    • Marked as answer by AuroraMan1 Tuesday, January 31, 2017 4:32 PM
    • Unmarked as answer by AuroraMan1 Tuesday, January 31, 2017 4:32 PM
    Monday, December 5, 2016 2:17 PM
  • I thought I would share, as nothing we read gave this as a solution, or correctly identified the culprit.
     
              The issue arose because of delivering the install code via the internet.  When the file get’s downloaded it gets scanned by windows and flagged as a “installation” code/file.
     
              This triggers the certificate process.
     
              I encrypt / password protect the install code, so windows can’t scan it. The user then unzips (with password), and installs.
     
              The new process does not flag our install code as “sourced” from the internet.
     
    Adam

    Adam

    • Marked as answer by AuroraMan1 Tuesday, January 31, 2017 4:32 PM
    Tuesday, January 31, 2017 4:32 PM
  • Thanks for the hint.

    I found this looking for solution to the same problem could not install excel addin.

    The flagged source is the key.

    Right click on the ZIP file and select properties, and at the bottom of the general tab I find 

    Security : This file came from another computer and might be blocked to help protect this computer.

    Next to this is a button "Unblock". Press the button. Then unzip, and all is good.

    • Proposed as answer by Stanbones Wednesday, November 22, 2017 5:58 AM
    Wednesday, November 22, 2017 5:57 AM
  • Stanbones, Something new ! I did not know about the unblock. Tried it but it did not help, only the encrypt worked for me.

    Adam


    Adam

    Wednesday, November 22, 2017 1:09 PM
  • Hi Adam,

    I definitely am experiencing this. Forgive the silly question but when you say " I encrypt / password protect the install code, so windows can’t scan it"

    Do you mean you encrypt the Zip folder? And if so which program do you use? 

    Many thanks,

    Kev

    Wednesday, April 25, 2018 11:15 AM
  • Kev, In my case I zip the .exe,.vsto and the folder.

    then using 7zip (with a password) zip that folder ( I include the password in the name of the file)

    with the password protected zip file , windows will tag that zip file, but not the zip within it.

    if you use 7zip to unzip the files (NOT WINDOWS), the files get placed on the user machine without being flagged.

    and can now install without issues !

    Adam


    Adam

    Wednesday, April 25, 2018 11:28 AM
  • Legend thank you <g class="gr_ gr_11 gr-alert gr_gramm gr_inline_cards gr_run_anim Punctuation only-ins replaceWithoutSep" data-gr-id="11" id="11">Adam</g>!
    Wednesday, April 25, 2018 11:35 AM
  • import the certificate to trusted root from setup file. That worked for me
    Wednesday, March 6, 2019 12:09 AM
  • "import the certificate to trusted root from setup file" - is there a step by step for doing this someplace?

    i find this very frustrating. distributing excel macros and add-in has become so "secure" over the years that we'd rather not do it at all... over the years, I've seen users simply walk away from add-ins or loosing interest, and I've also seen IT folks and admins not taking it serious because a) they don't know all the pitfalls either and b) they often lack the subject matter expertise to understand what their power users are trying to do in the first place.

    this unlocking the zip file has been a huge find for me today. we struggled with this issue on and off over many months. the error message about the cert or the trusted location turns out to be totally misleading.

    i wish there was some more common sense documentation on how to distribute temporary, experimental, "purpose built by a team" macros from MS. not every add-in is a full blown 3rd party product or wants to be placed on a click-once server. we zip publish folders and put them onto sharepoint or onedrive.

    regards, and thank you thank you for pointing this out.

    Tuesday, September 10, 2019 9:25 PM