Michael Edenfield

Reputation: 28338

Cannot sign ClickOnce manifests after upgrading build agent to VS 2017

We have a solution with a pair of ClickOnce applications that are signed and published as part of the build. We have an on-premise TFS 2017 server, but until recently our projects were all being built using VS 2015. Under this scenario, we were able to build, sign, and publish the ClickOnce application and manifests automatically, and everything is fine.

We recently deployed a new build agent with VS 2017 installed, and I cannot get that agent to build the project. The MSBuild step fails trying to sign the output with an error:

error MSB3482: An error occurred while signing: Failed to sign bin\x86\Release\app.publish\FooBar.exe

There is no additional information in the error message -- no explanation as to why the signing failed. The build agent is installed as a service, with its log on credentials set to a real domain account that's also a local admin on the build machine, and the certificate is installed into that user's certificate store.

As an aside, if I take the msbuild command line out of the build agent's log and run that command on the build machine while logged in under the agent account, the build stage finishes fine with correctly signed output; it only fails when running through the TFS agent service.

I'm at a loss where else to go to find why the signtool step is failing; has anyone else seen this issue?

Upvotes: 0

Views: 393

Answers (2)

NSouth

Reputation: 5276

It's not a perfect "fix," but a workaround is to stop the build agent Windows service and to run the build agent in interactive mode from PowerShell.

PS C:\agent_directory> .\run.cmd
Scanning for tool capabilities.
Connecting to the server.
2018-07-24 18:19:39Z: Listening for Jobs 

Upvotes: 1

Andy Li-MSFT

Reputation: 30372

It seems the build agent did not detect the environment changes (maybe the MSBuild capability here), or something is wrong with the detected version of MSBuild, or other related capabilities are missing after you installed VS 2017.

Just check the agent capabilities and make sure the capability MSBuild 15.0 is detected. Generally the value should look like this:

MSBuild_15.0    C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\MSBuild\15.0\Bin\

MSBuild_15.0_x64 C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\MSBuild\15.0\Bin\amd64\

So, you can try the things below to narrow down the issue:

  1. If they are all there, just try to restart the agent service, then check it again.
  2. If they are missing, you can try to manually add them (in Settings -> Agent Queues -> Agent Pool -> Agent -> Capabilities -> Add Capability). After that, trigger the build again. You can add other needed capabilities in the same way.
  3. Deploy a new agent, then check that again.
  4. Try to build with the MSBuild task and specify the MSBuild location directly in it. Then check that again.
  5. Recreate the certificate, check in the changes, then try it again. (Go to the properties of the project -> select the Signing tab -> click the 'Create Test Certificate' button)

Upvotes: 0
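A diagnostic for the symptom in the question (signing works when logged in as the agent account, fails under the agent service), as an added example that is not part of any post in this thread. It assumes the signing certificate has an RSA key and that the project file path, here the placeholder `.\FooBar.csproj`, is passed in; run it as a script step in the failing build and again interactively, then compare the output.

```powershell
param(
    # Assumption: path to the ClickOnce project file (placeholder default).
    [string]$ProjectFile = '.\FooBar.csproj'
)

# Which account and session type is this step really running under?
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
"Identity        : $identity"
"UserInteractive : $([Environment]::UserInteractive)"
"USERPROFILE     : $env:USERPROFILE"

# Thumbprint the project tells MSBuild to sign the manifests with.
[xml]$proj = Get-Content -Raw -LiteralPath $ProjectFile
$wanted = $proj.GetElementsByTagName('ManifestCertificateThumbprint') |
    ForEach-Object { $_.InnerText.Trim().ToUpperInvariant() } |
    Select-Object -First 1
if (-not $wanted) { "RESULT: no ManifestCertificateThumbprint in $ProjectFile"; exit 1 }
"Project wants   : $wanted"

# Is that certificate visible in the store this process sees as CurrentUser\My?
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $wanted } |
    Select-Object -First 1
if (-not $cert) { "RESULT: certificate not visible in CurrentUser\My for $identity"; exit 1 }
"Subject         : $($cert.Subject)"
"NotAfter        : $($cert.NotAfter)"
"HasPrivateKey   : $($cert.HasPrivateKey)"

# HasPrivateKey only says a key is associated; prove the key is usable
# non-interactively by signing a few throwaway bytes with it.
try {
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($null -eq $rsa) { throw 'no RSA private key available for this certificate' }
    $null = $rsa.SignData(
        [byte[]](1, 2, 3),
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    'RESULT: private key is usable in this context'
}
catch {
    "RESULT: private key is NOT usable in this context: $($_.Exception.Message)"
    exit 1
}
```

A difference between the two runs (a different identity, a missing certificate, or a key that signs interactively but not under the service) narrows the MSB3482 failure to the agent's execution context rather than the project.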
