The "SignFile" task was not given a value for the required parameter "CertificateThumbprint"

msbuild certificate clickonce code-signing

22,683

Solution 1

This is how I solved the problem:

Our build services was configured to run as NT AUTHORITY\NetworkService I simply changed this to my own user account. Note that I already had the *.pfx file installed to personal certificate store.

I guess the problem was that the user NT AUTHORITY\NetworkService does not have the required certificate in the certificate store. I still have no idea how to add certificates into the personal store of system accounts. Nevertheless my problem is gone for now although I don't like the fact that the build service runs with my credentials.

Solution 2

Note: If you are looking for a quick fix and it is okay for your project to not be signed then you can do this. I encounter this problem when I am looking for a sample code, and using this quick fix solves my problem instantly.

Go to the project properties
Select signing options
Uncheck the `Sign the ClickOnce manifests
Save
Re-run it
(Optional) In some cases you need to rebuild it.

If it doesnt work please try to uncheck the enable ClickOnce security settings which can be located on Security tab.

Solution 3

try to add the certificate in the signing tab of the project properties by selecting "Select from store"

try clicking "Create Test Certificate"...

Solution 4

Another reason why you might be getting this is if the certificate thumbprint has changed (i.e. when it has been renewed because the old certificate has expired), and you no longer have the old certificate installed. This happened to me just now.

Solution: open up the project in Visual Studio, go to the Signing Tab, click Select from Store and make sure that the correct (new) certificate is installed. This solved the problem for me.

Solution 5

For those come across this issue using CI with an EV Code Signing Certificate. EV Code Signing Certificates use a dongle or thumb drive, so you must have a build server on premise and update your project file manually.

In VS, Right click on your project and Unload it.
Right click and Edit the csproj file.
Find or add this entry
<PropertyGroup> <ManifestCertificateThumbprint>**Your Certificate Thumbprint Here**</ManifestCertificateThumbprint> </PropertyGroup>
Copy and paste the thumbprint of the certificate from your build server into the ManifestCertificateThumprint value.
Reload your project and check in.

View more solutions

22,683

Author by

Joel

I like stackoverflow :)

Updated on June 01, 2020

Comments

Joel almost 4 years

We have a line of business app which is deployed via clickonce. I can build and publish the application without any problems but when I try to use Continuous Integration (Build each check-in) I get the following error:

 2>C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets(3450,5):
error MSB4044: The "SignFile" task was not given a value for the required parameter "CertificateThumbprint".

[C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj]

Done executing task "SignFile" -- FAILED.

We sign the application (to be more specific: the ClickOnce manifest) using a code signing certificate which is registered in the AD as Trusted Publisher.

The Certificate is stored in Certificate store on my local workstation. The Certificate is also in the certificate store of the build server (1. In the Personal Store, 2. in the Personal store of the TFSBuildServiceHost Service Account and 3. in the Personal store of the tfs/build server itself).

Where are using Visual Studio 2013 Update 4, C#, .Net 4.5 and TFS 2013 Update 4.

I have no clue what causes this error, any help is appreciated.

EDIT:

I forgot to mention that the tfs build worked fine a few weeks ago. I didn't change a thing, i verified that the project file (Pulse.csproj) hasn't changed and i also had a few successful builds with that exact Pulse.csproj file / build definition. I'm pretty sure that it must be something on the tfs server. I remember that Microsoft had some trouble with some updates regarding the certificate infrastructure could it be related?

EDIT 2: I tried to build the project via command line using this command:

"C:\Program Files (x86)\MSBuild\12.0\bin\amd64\MSBuild.exe" C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln

The build fails with the following message:

CleanPublishFolder: Removing directory "bin\Debug\app.publish\". _DeploymentComputeClickOnceManifestInfo: Creating directory "bin\Debug\app.publish".
Copying file from "obj\Debug\Pulse.exe" to "bin\Debug\app.publish\Pulse.exe". C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets(3450,5): error MSB3482: An error occurred while signi ng: SignTool.exe not found. [C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj] Done Building Project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (default targets) -- FAILED.

Done Building Project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln" (default targets) -- FAILED.

Build FAILED.

"C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln" (default target) (1) -> "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (default target) (2) -> (_DeploymentComputeClickOnceManifestInfo target) -> C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets(3450,5): error MSB3482: An error occurred while sig ning: SignTool.exe not found. [C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj]
0 Warning(s)
1 Error(s)

The Signtool definitely exists on the Server. The path to the signtool is: "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe" and "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe"

The most interesting part is that I CAN build the solution using a different msbuild tool.

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln

EDIT 3:

I installed the Windows Software Development Kit (SDK) for Windows 8 and now I can build the solution via command line. Thus, the code signing certificate is installed & available.

But the TFS Build fails.

Here is the error output gathered from the tfsbuild logfile:

      Task "AL"
         C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\x64\AL.exe /culture:de /out:obj\Debug\de\Pulse.resources.dll /platform:AnyCPU /template:obj\Debug\Pulse.exe /embed:obj\Debug\Pulse.View.Localization.CreditsView.de.resources /embed:obj\Debug\Pulse.View.Localization.PulseMainWindow.de.resources
         Microsoft (R) Assembly Linker version 12.0.20806.33440
         Copyright (C) Microsoft Corporation. All rights reserved.

       Done executing task "AL".
     2>Done building target "GenerateSatelliteAssemblies" in project "Pulse.csproj".
     2>Target "CreateSatelliteAssemblies" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "CoreBuild" depends on it):
     2>Done building target "CreateSatelliteAssemblies" in project "Pulse.csproj".
       Target "SetWin32ManifestProperties" skipped. Previously built successfully.
       Target "_DeploymentComputeNativeManifestInfo" skipped, due to false condition; ('$(GenerateClickOnceManifests)'!='true') was evaluated as ('true'!='true').
     2>Target "CleanPublishFolder" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "_DeploymentComputeClickOnceManifestInfo" depends on it):
       Task "RemoveDir" skipped, due to false condition; ('$(PublishDir)'=='$(OutputPath)app.publish\' and Exists('$(PublishDir)')) was evaluated as ('bin\Debug\app.publish\'=='bin\Debug\app.publish\' and Exists('bin\Debug\app.publish\')).
     2>Done building target "CleanPublishFolder" in project "Pulse.csproj".
       Target "_DeploymentGenerateTrustInfo" skipped, due to false condition; ('$(TargetZone)'!='') was evaluated as (''!='').
     2>Target "_DeploymentComputeClickOnceManifestInfo" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "GenerateApplicationManifest" depends on it):
       Task "Copy"
         Creating directory "bin\Debug\app.publish".
         Copying file from "obj\Debug\Pulse.exe" to "bin\Debug\app.publish\Pulse.exe".
       Done executing task "Copy".
       Using "SignFile" task from assembly "Microsoft.Build.Tasks.v12.0, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a".
       Task "SignFile"
     2>C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets(3450,5): error MSB4044: The "SignFile" task was not given a value for the required parameter "CertificateThumbprint". [C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj]
       Done executing task "SignFile" -- FAILED.
     2>Done building target "_DeploymentComputeClickOnceManifestInfo" in project "Pulse.csproj" -- FAILED.
     2>Target "_CheckForCompileOutputs" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "_CleanGetCurrentAndPriorFileWrites" depends on it):
     2>Done building target "_CheckForCompileOutputs" in project "Pulse.csproj".
       Target "_SGenCheckForOutputs" skipped, due to false condition; ('$(_SGenGenerateSerializationAssembliesConfig)' == 'On' or ('@(WebReferenceUrl)'!='' and '$(_SGenGenerateSerializationAssembliesConfig)' == 'Auto')) was evaluated as ('Off' == 'On' or (''!='' and 'Off' == 'Auto')).
     2>Target "_CleanGetCurrentAndPriorFileWrites" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "_CleanRecordFileWrites" depends on it):
       Task "ReadLinesFromFile"
       Done executing task "ReadLinesFromFile".
       Task "ConvertToAbsolutePath"
       Done executing task "ConvertToAbsolutePath".
       Task "FindUnderPath"
         Comparison path is "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse".
       Done executing task "FindUnderPath".
       Task "FindUnderPath"
         Comparison path is "C:\Builds\1\Pulse\DefaultBuild\bin\".
       Done executing task "FindUnderPath".
       Task "FindUnderPath"
         Comparison path is "obj\Debug\".
       Done executing task "FindUnderPath".
       Task "RemoveDuplicates"
       Done executing task "RemoveDuplicates".
     2>Done building target "_CleanGetCurrentAndPriorFileWrites" in project "Pulse.csproj".
     2>Target "_CleanRecordFileWrites" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "CoreBuild" depends on it):
       Task "RemoveDuplicates"
       Done executing task "RemoveDuplicates".
       Task "MakeDir"
       Done executing task "MakeDir".
       Task "WriteLinesToFile"
       Done executing task "WriteLinesToFile".
     2>Done building target "_CleanRecordFileWrites" in project "Pulse.csproj".
     2>Done Building Project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (default targets) -- FAILED.
     1>Done executing task "MSBuild" -- FAILED.
     1>Done building target "Build" in project "Pulse.sln" -- FAILED.
     1>Done Building Project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln" (default targets) -- FAILED.

Build FAILED.

       "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln" (default target) (1) ->
       "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (default target) (2) ->
       (_DeploymentComputeClickOnceManifestInfo target) -> 
         C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets(3450,5): error MSB4044: The "SignFile" task was not given a value for the required parameter "CertificateThumbprint". [C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj]

    0 Warning(s)
    1 Error(s)

EDIT 4:

Visual Studio 2013 is not installed on our build server. I've already been through the logfile and found that the TFS Build uses the MSBuild.exe stored in C:\Program Files (x86)\MSBuild\12.0\bin\amd64\ .

Since I can build the project on the build server using the MSBuild.exe than TFS Build does I can be sure that the certificate itself is not an issue.

I created a new build definition without modifying any of the settings but I still get the same error message.

I also repaired the TFS Installation on the build server but no luck.

I compared all *.targets files stored in the C:\Program Files (x86)\MSBuild\12.0\bin\amd64\ Folder on the Server with the *.targets files in the same location on my client machine. There 100% identical.

Needless to say that I can build the project without any problems on my client machine (via VS2013 and command line).

I deleted and re-registered/created the build service/controller/agent. The result is still the same.

I'm stuck here. Any ideas?

gReX almost 9 years

I think it is recommended run the Build-Processes as a User. We use our "domain\TfsBuild"-User. So I can logon to the Build-Server with this account and install the Certificate.
Joel almost 9 years

But then the project is no longer signed. Signing is something we must do in our cooperate environment.
Bryida almost 9 years

I am not sure what exactly caused it since we are working with source control. I probably didn't get all the required files or the person who created the sign file forgot to include all the necessary files. Hence why I added my answer as a quick fix and wouldn't recommend it as a permanent solution. You need to check all files are present and not corrupted.
AMissico almost 8 years

I use TfsBuildService, as the name is more descriptive.
Eniola about 7 years

Isn't it dangerous to not sign?