I am getting this error message when I try to install Outlook Addin from my local system.
System.Security.SecurityException: Customized functionality in this
application will not work because the certificate used to sign the
deployment manifest for OutlookCrmAddIn or its location is not
trusted. Contact your administrator for further assistance.
Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustPromptKeyInternal(ClickOnceTrustPromptKeyValue
promptKeyValue, DeploymentSignatureInformation signatureInformation,
String productName, TrustStatus status) at
Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustUsingPromptKey(Uri
manifest, DeploymentSignatureInformation signatureInformation, String
productName, TrustStatus status) at
Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.ProcessSHA2Manifest(ActivationContext
context, DeploymentSignatureInformation signatureInformation,
PermissionSet permissionsRequested, Uri manifest,
ManifestSignatureInformationCollection signatures,
AddInInstallationStatus installState, TrustStatus sha256TrustStatus,
X509Certificate2 sha256PublisherCert) at
Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.VerifySecurity(ActivationContext
context, Uri manifest, AddInInstallationStatus installState) at
Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
The Zone of the assembly that failed was: MyComputer
How to solve this installation issue?
The error means what it says - your VSTO addin must be signed with a certificate that is trusted by the system where the VSTO addin is installed.
Related
We recently purchased an EV Code Signing Certificate.
I followed instructions and I can successfully sign our built applications (exe files), our libraries (dll).
However, I can't sign our setup packages (MSI files), I always get this error:
SignTool Error: An unexpected internal error has occurred. Error
information: "Error: SignerSign() failed." (-2147024885/0x8007000b)
I don't see anything in Event Viewer.
I am really stuck here, I don't not understand how same command could work for certain file types and not for msi files.
Thanks in advance for your help!
Check the log for more info:
Run Event Viewer app.
Open the event log: Event Viewer (Local) > Applications and Services
Logs > Microsoft > Windows > AppxPackagingOM > Microsoft-Windows-AppxPackaging/Operational
Look for the most recent error event
In my case I had a mismatch in publisher string in Certificate and Manifest.
The following cause was reported on a forum post:
Have just found the cause: my antivirus Trend Micro Worry Free
Advanced is the problem.
When I deactivate it, I can sign without any problem and it is much
faster to sign.
Now I have to find to which part I have to set an exception in the
antivirus.
The strange thing is that I never had any problem to sign with my
Authenticode certifcate,
but here with an EV Code Signing certificate my antivirus blocks
something...
Posted by david[SDT] Monday, April 9, 2018 12:47 PM
I have tried with google drive location as a installation path at the time of publishing VSTO application.
But at the time of installation time it throwing an exception to download manifest related stuff.
Exception is like below
Name:
From: https://drive.google.com/drive/folders/1tL4egzEy2uga0asj0bsgzQ10Y8Q-cJ3wj?usp=sharing/MyApp.vsto
************** Exception Text **************
System.Deployment.Application.InvalidDeploymentException: Exception reading manifest from https://drive.google.com/drive/folders/1tL4egzEy2uga0asj0bsgzQ10Y8Q-cJ3wj?usp=sharing/MyApp.vsto: the manifest may not be valid or the file could not be opened. ---> System.Xml.XmlException: DTD is prohibited in this XML document.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ParseDoctypeDecl()
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
at System.Xml.XsdValidatingReader.Read()
at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)
--- End of inner exception stack trace ---
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.GetManifests(TimeSpan timeout)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
Any guys having any guess regarding this exception?
Finally my intention is to be available my publish folder at global level, I will send .exe file only to user so that user can be able to install application with the combination of .exe and web location where publish stuff resides.
You have a few questions in this same vein, and while I do not use this feature, I think I see where you're going wrong.
I believe VSTO is assuming you're deploying to your own web server, with no fancy paths. Google Drive clearly has paths that are not meant to handle appending a file or folder name. An FTP server may require login credentials or special connection settings, and is very uncommon these days.
You probably need to stand up a web server, if you don't already have one, and publish to that. Or use a network folder if that works in your situation.
We have a plug-in that runs on Outlook 2016. Our plug-in is using VSTOInstaller.exe file to install new updates from the installation folder URL. Now, the certificate of our plug-in is about to expire, so we bought a new certificate and deployed a new version with the new certificate.
But during the installion of the new update with the new certificate, the plug-in have encountered a security error that is preventing it from updating to the new version, see error below:
Exception: Customized functionality in this application will not work because it has not been granted trust. The certificate used to sign the deployment manifest is unknown, and the customization itself (Time Tracking System) is not on the inclusion list. Contact your administrator for further assistance.
************** Exception Text **************
System.Security.SecurityException: Customized functionality in this application will not work because it has not been granted trust. The certificate used to sign the deployment manifest is unknown, and the customization itself (Time Tracking System) is not on the inclusion list. Contact your administrator for further assistance.
at Microsoft.VisualStudio.Tools.Office.Runtime.OfficeAddInDeploymentManager.VerifyAddInTrust(ClickOnceAddInTrustEvidence evidence)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.VerifySecurity(ActivationContext context, Uri manifest, AddInInstallationStatus installState)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
The Zone of the assembly that failed was:
MyComputer
After searching for a solution over the internet, I found this article: http://www.aivanoff.net/Blogs/Details/VSTOwithHSA256fail.
For short, changing the RSAKeyValue from the "HKEY_CURRENT_USER\Software\Microsoft\VSTO\Security\Inclusion" in the registry with the RSAKeyValue of the new certificate will fix the problem. I have tried this solution and it worked but this is not the kind of solution that we want to give to our users.
I have also tried solution from the URL below, but it did not work:
https://social.msdn.microsoft.com/Forums/vstudio/en-US/b1289353-91ab-4f3f-be20-6d65615441bd/security-trust-issue-only-on-some-client-machines-outlook-addin?forum=vsto
Could someone please let me know an explanation about why this error occur? And is there any other way to fix it?
Thanks,
Ben
I have downloaded one .EXE file and it got successfully installed on one machine. However, when I tried doing it on another machine I got error as below:
Exception Text
System.Deployment.Application.InvalidDeploymentException: Deployment
and application do not have matching security zones. at
Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.GetManifests(TimeSpan
timeout) at
Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
Looks like one of the files in the application folder is corrupted. See ClickOnce "Deployment and application do not have matching security zones" for more information.
I have an Outlook Add-In that's installed from a web server. This add-in works the same way as all other add-ins I've worked on in Office.
setup.exe is downloaded and executed
all prerequisites (.Net framework and such) are verified
vsto file is downloaded
So far, everybody installing this add-in has had no problems (this add-in has been in use for about a year). We have a new customer installing it on Windows 7 and we're seeing our first issue. Here's the error:
There was an error during installation:
Downloading http://<path and filename>.vsto did not succeed
***************** Exception Text******************
System.Deployment.Application.DeploymentDownloadException: Downloading http://<path and filename>.vsto did not succeed
System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required. ---> System.ComponentModel.Win32Exception: The token supplied to the function is invalid
at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatus& statusCode)
at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob)
at System.Net.NtlmClient.DoAuthenticate(String challenge, WebRequest webRequest, ICredentials credentials, Boolean preAuthenticate)
at System.Net.NtlmClient.Authenticate(String challenge, WebRequest webrequest, ICredentials credentials)
at System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials credentials)
at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo)
at System.Net.HttpWebRequest.CheckResubmitForAuth()
at System.Net.HttpWebRequest.CheckSubmit(Exception& e)
--- End of inner exception stack trace ---
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
Obviously, I cannot duplicate from my location. My gut is telling me this customer's network security is causing an issue (my understanding is that they have a series of firewalls and such), but their Windows XP machines are having no problem installing.
Anybody see anything I'm missing?
In the end, the answer wasn't too difficult. What was happening is that, obviously, the user is behind a Proxy Server that's blocking the download of the VSTO file, as it didn't have the Proxy Credentials.
So, I've had to make an exception for these users, sending them all the files in a zip that they can install from.
Note that users that run into this MUST run a command to clear the ClickOnce app cache before proceeding; it looks like the mere attempt to install this was leaving some residuals behind that was causing a problem. If you don't already know, you can clear the app cache by running this command from the command prompt (or creating a .bat file containing):
rundll32 dfshim CleanOnlineAppCache
There is a MS KB (KB917952) that corrects ClickOnce deployment issues when using Proxy Authentication.
End users or IT can modify the machine.config to enable proxy authentication with their NTLM login. This will allow them to install ClickOnce or VSTO applications behind proxies that require authentication.
How To: Change your Default Proxy to always use your default credential (NTLM login).
Edit %windir%\Microsoft.NET\Framework\v4.0.30319\config\machine.config
Add the defaultProxy element shown below. Remember to add to an existing system.net section when one exists already.
<configuration>
..
<system.net>
<defaultProxy enabled="true" useDefaultCredentials="true"/>
</system.net>
...
</configuration>
Element (Network Settings)
useDefaultCredentials
Specifies whether the default credentials for this host are used to access the web proxy. The default value is false.