none
SignTool error: SignerSign() failed." (-2147024885/0x8007000b)

    Question

  • Hi,

    I can't succeed to sign my msi setup file with my new EV Code Signing certificate.

    I always get this error: SignerSign() failed." (-2147024885/0x8007000b).

    Using same command, I can successfully sign my exe files and dlls.

    Thanks in advance for you help.

    Thursday, April 5, 2018 12:59 PM

Answers

  • Have just found the cause: my antivirus Trend Micro Worry Free Advanced is the problem.

    When I deactivate it, I can sign without any problem and it is much faster to sign.

    Now I have to find to which part I have to set an exception in the antivirus.

    The strange thing is that I never had any problem to sign with my Authenticode certifcate,

    but here with an EV Code Signing certificate my antivirus blocks something...

    • Marked as answer by david[SDT] Monday, April 9, 2018 12:47 PM
    Monday, April 9, 2018 12:35 PM

All replies

  • Hello,

    According to the error code, you need to find more specific error info in the event log:

    1.Run Eventvwr.msc.
    2.Open the event log: Event Viewer (Local) > Applications and Services Logs > Microsoft > Windows > AppxPackagingOM > Microsoft-Windows-AppxPackaging/Operational
    3.Look for the most recent error event

    To know more details about the event ID, you could refer to How to sign an package using SignTool.

    Best regards,

    Mattew Wu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, April 6, 2018 8:02 AM
    Moderator
  • Hi,

    I've already checked those logs and there is no error.

    However I've just noticed I'm using singtool from the SDK 8.1 and notice there is a SDK 10 :-D

    It's installing, I'll try with it to see what happens.

    Friday, April 6, 2018 8:17 AM
  • Using the latest sdk it works sometimes.

    Very weird, using the same command sometimes it works and most of the time it doesn't sign.

    here are some attempts:

    C:\Release>"C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86\signtool.exe" sign /tr http://timestamp.comodoca.com/authenticode?td=256 /fd sha256 /a "Setup.msi"
    Done Adding Additional Store
    Successfully signed: Setup.msi

    C:\Release>"C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86\signtool.exe" sign /tr http://timestamp.comodoca.com/authenticode?td=256 /fd sha256 /a "Setup.msi"
    Done Adding Additional Store
    SignTool Error: An unexpected internal error has occurred.
    Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

    C:\Release>"C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86\signtool.exe" sign /tr http://timestamp.comodoca.com/authenticode?td=256 /fd sha256 /a "Setup.msi"
    Done Adding Additional Store
    SignTool Error: An unexpected internal error has occurred.
    Error information: "Error: SignerSign() failed." (-2146885630/0x80092002)

    Friday, April 6, 2018 11:20 AM
  • The msi files I'm trying to sign are built by Visual Studio 2015, using the extension Visual Studio Installer Projects.

    The application properties are set as "Create application without a manifest".

    There is not any manifest file created by me.

    The Author and Manufacturer properties of the setup project correctly match the CN value of the Subject field of my EV certificate.

    I can always successfully sign exe files, dll files, but it randomly succeed to sign my msi files.

    I spent a half day with the technical support of the company who sold me the EV certificate, they told me it seems there is with the signtool program or the microsoft SDK.

    Please help me to get a stable behavior.

    Friday, April 6, 2018 12:46 PM
  • I tried to sign same files using same certificate and same command in a windows 10 VM (same build), 

    and I can always successfully sign, for all attempts.

    What could be the cause on my host to not have such normal behavior?

    what could be the solution to solve this?

    Monday, April 9, 2018 12:26 PM
  • Have just found the cause: my antivirus Trend Micro Worry Free Advanced is the problem.

    When I deactivate it, I can sign without any problem and it is much faster to sign.

    Now I have to find to which part I have to set an exception in the antivirus.

    The strange thing is that I never had any problem to sign with my Authenticode certifcate,

    but here with an EV Code Signing certificate my antivirus blocks something...

    • Marked as answer by david[SDT] Monday, April 9, 2018 12:47 PM
    Monday, April 9, 2018 12:35 PM
  • Have just found the cause: my antivirus Trend Micro Worry Free Advanced is the problem.

    When I deactivate it, I can sign without any problem and it is much faster to sign.

    Now I have to find to which part I have to set an exception in the antivirus.

    The strange thing is that I never had any problem to sign with my Authenticode certifcate,

    but here with an EV Code Signing certificate my antivirus blocks something...

    For me it was Windows Defender randomly interfering (the code had been working for ages).

    Thanks for posting this answer. Was a tricky problem to work out.

    Tuesday, April 23, 2019 3:30 PM
  • Actually, it wasn't Windows Defender. It might have been slow internet, or pending windows updates?

    Came back to work the next day and it worked.

    Wednesday, April 24, 2019 8:47 AM