SignTool.exe Sporadically Fails with Exit Code 1

Question

As part of our build system, we use signtool.exe with a certificate to sign our binaries once they've been built. Occasionally (it's hard to tell when it will strike), the signing fails:

 error MSB3073: The command "C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\bin\signtool.exe" [...] exited with code 1.

According to the MSDN, an exit code of 1 means that there was an error signing the file. I can verify that the file didn't get signed.

I've also noticed that occasionally, the timestamp portion times out with a different error message, albeit that the file still gets signed (without the timestamp).

How can I troubleshoot and fix these seemingly random, inconsistent signature failures?

Answer 1

SignTool.exe has a /v switch (verbose) which can help you diagnose the problem.

Answer 2

In my case, the .pfx file in the solution was an old one. Until someone told me to replace the certificate file with the new, valid one, I continued to get "Fails with Exit Code 1" error.

Meaning, make sure that the certificate file is valid and not expired.

Answer 3

I've just into this issue, on Windows 8.1, so it's not the Windows XP root certificates issue that some folks cite.

I found that the problem was caused because the .exe being signed was also running.

If you run signtool from the cmd prompt and try to sign it you will get a helpful text message telling you what is wrong (so much better than the return code 1 from CreateProcess().

Stopped the running process and was able to sign OK.

Answer 4

I had the same problem. It happens because MS antimalware process MsMpEng.exe check the binary and don't let anyone access it. To solve the problem, I build binary on RAM disk and it worked.

Answer 5

I strongly suspect a failing connection to the timestamp server being responsible for occasional failures. Perhaps you check your system event log for lost connections at the time in question.