UWP : SignTool Error: Access is denied. ( Resolve ! )
This is re-Question about issue "SignTool Error: Access is denied." on my visual studio.
When I compile "SideLoad" application on Visual Studio 2017. This error happened again.
This is not first time for me. Previously, I could not resolve this error. Then, I bought New DELL PC :( Yes, During some period, It worked fine without any problem. but I saw same error again, Today !
Here is some additional information.
- x64, Windows 10, Os ver 1703 , Build 15063.675.
- Visual Studio 2017
- This is new PC. Administrator, Local user, not MSN user.
- Target version : Windows 10 Creator Update ( 10.0; Build 15063 )
- Min version : Windows 10 November Update ( 10.0; Build 10586 )
After build of side load applicaiton, This error show ::
1> Bg7Uwp1 -> D:\develop\visualstudio2\xxx\Bg7Uwp1\Bg7Uwp1\bin\x86\Release\Bg7Uwp1.exe
1> Processing application code
1> Computing application closure and generating interop code
1> Loading 108 modules...
1> Generating code...
1> Interop code generated.
1> Generating serialization code
1> Compiling interop code
1> Generating System.Reflection.DispatchProxy proxy code.
1> Cleaning up unreferenced code
1> Generating native code
1> Generating fixups for native code
1>C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\MSBuild\Microsoft\VisualStudio\v15.0\AppxPackage\Microsoft.AppXPackage.Targets(3787,5): error APPX1204: Failed to sign 'D:\develop\visualstudio2\xxx\Bg7Uwp1\Bg7Uwp1\bin\x86\Release\Bg7Uwp1_1.0.9.0_x86.appx'. SignTool Error: Access is denied.
1>C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\MSBuild\Microsoft\VisualStudio\v15.0\AppxPackage\Microsoft.AppXPackage.Targets(3787,5): error APPX1204: SignTool Error: An error occurred while attempting to sign: D:\develop\visualstudio2\xxx\Bg7Uwp1\Bg7Uwp1\bin\x86\Release\Bg7Uwp1_1.0.9.0_x86.appx
1>
1>C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\MSBuild\Microsoft\VisualStudio\v15.0\AppxPackage\Microsoft.AppXPackage.Targets(3787,5): error APPX1204:
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
========== Package: 0 succeeded, 2 failed ===========
========== App Bundle: 0 succeeded, 1 failed ===========
Please give me some idea. I tried everything from internet and here. but Previously, I could not resolve.. I can not buy new PC again !
Update 1
and After this trouble, I open new Uwp project and start sideload compile. it show same error ! This is same situation with previous PC ! Now, My Vs2017 can not make sideload for an empty UWP project !!
in previous PC, I tried everything. Re-install VS2017, Re-install NuGet items. but it did not resolve at all. Only way was to buy new PC and re-install VS.
Update 2
With verbose mode of VS2017 compile output, I found , There is signtool.exe in SignAppxPackageExeFullPath=C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\x64\signtool.exe
with it, I tried to sign by myself.
- Open command prompt tool with Admin
- Run below command. I success to sign !??
Update 3
Next challenge is to add "Admin privilege" with "Signtool.exe" like this. but this was failed. Error was changed. "It need administrator privilege" and it make build error. not success.
Question
If I do sign manually, Is it enough ?
I signed with manual ( target file is : Bg7Uwp1_1.0.19.0_x64.appx ) "c:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\x64\signtool.exe" sign /fd SHA256 /a /f Bg7Uwp1_TemporaryKey.pfx bin\x64\Release\Bg7Uwp1_1.0.19.0_x64.appx Done Adding Additional Store Successfully signed: bin\x64\Release\Bg7Uwp1_1.0.19.0_x64.appx
I copy all "Release" folder to other PC.
- I copy "Bg7Uwp1_TemporaryKey.pfx" to other PC too.
- On 2nd PC, I install the certification key first "Bg7Uwp1_TemporaryKey.pfx". Success.
- I tried to install with clicking Bg7Uwp1_1.0.19.0_x64.appx
I can not installed : (
Either you need a new certificate installed for this app package, or you need a new app package with trusted certificates. Your system administrator or the app developer can help. A certificate chain processed, but terminated in a root certificate which isn't trusted (0x800B0109)
Find! a solution but Not perfect yet.
with above error, I read this.. This is a step to install sideload application to PC. I follow this. I can resolve the error 0x800B0109.
- In File Explorer, right-click on the app package, and in the pop-up context menu select Properties.
- In the Properties dialog, select the Digital Signatures tab.
- In the Signature list, select the signature and then click the Details button.
- In the Digital Signature Details dialog, click the View Certificate button.
- In the Certificate dialog, click the Install Certificate… button.
- In the Certificate Import Wizard, select Local Machine and then click Next. You will need to grant administrator privileges to continue.
- Select Place all certificates in the following store and browse to the Trusted People store.
- Click Next, then click Finish to complete the wizard.
after this step, I can install my Sideload to my Own PC. but To install 2nd PC has error. ( New error 0x80073CF3 ) . but I get big improvement !
Update 4 ( Not resolve still ! )
Now, TO install other PC is not impossibile. Dependencies file can not create by VS. because signtool has error.I have to install other PC. Without it, All my time would be waste.. :( please help me...
This is old dependencies files. I have to make it for my ver 19.
Update 5
I check What Vs2017 is doing in background. I used ProcessMonitor. and She execute this command. It look like no problem. I tried with Admin-MS-prompt, It success.
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\x64\signtool.exe" sign /fd sha256 /f "Bg7Uwp1_TemporaryKey.pfx" "D:\develop\visualstudio2\shinwatec\Bg7Uwp1\Bg7Uwp1\bin\x64\Release\Bg7Uwp1_1.0.19.0_x64.appx"
but Without Admin, I got same error with VS2017 !
Kazuhiko Nakayama • edited Oct 17, 2017 by Kazuhiko Nakayama1 Answer
I found the solution ! and fix it.
with ProcessMonitor, I found this line.
signtool.exe has "Access denied" to access %appdata%\local\Temp
I check the folder permission. There is no permission on the Temp folder. I added my own user Networkname\username .
After this. I success to fix this issue. Now my visualStudio 2017 can make sideLoad application ! Yes, I do not need to buy new PC again :)
thank you. Mr. BugFinder.
Kazuhiko NakayamaUser contributions licensed under CC BY-SA 3.0