SignTool unexepected internal error

Question

I am running SignTool with the following command: signtool sign /f keyfile.pfx /p mypassword pathToMsiFile.msi and i get the following error:

SignTool Error: An unexpected internal error has occurred. Error information: "Error: Store::ImportCertObject() failed." (-2146893792/0x80090020)

It worked just until a day ago, and i have no idea what might have changed...

Any ideas would be great, thanks!

I managed to fix it. Apperantly the user was corrupted.

after fixing the user using this KB from microsoft everything became right again.

score 3 · Answer 1 · edited Nov 01 '12 at 16:02

3

I had the same issue but only when I'm trying to sign it under IIS/PHP script. When I run PHP from the console it's OK. And here there were no issue with account. Only one thing helped me - changing Anonymous Authentication Credentials for Site/application from Specific USER to Application pool identity.

edited Nov 01 '12 at 16:02

David Cain

16,484
14
65
75

answered Nov 01 '12 at 15:17

DevAnimal

379
2
9

score 2 · Accepted Answer · edited May 02 '19 at 13:57

2

I managed to fix it. Apperantly the user was corrupted.

after fixing the user using this KB from microsoft everything became right again.

edited May 02 '19 at 13:57

StayOnTarget

11,743
10
52
81

answered Jul 26 '11 at 12:38

ravyoli

698
6
13

score 1 · Answer 3 · answered Jan 17 '13 at 23:24

1

None of the suggested answers worked for me using Windows 2008 R2 and IIS 7.5. What did work was to change a setting for the application pool. Here is what works on IIS 7.5.

Select your application pool and click Advanced Settings
Under Process Model, change Identity to LocalSystem

This is the only thing that worked for me, hopefully it will help others down the road.

answered Jan 17 '13 at 23:24

tool4scs

73
5

Don't set your AppPool to run as `LocalSystem` identity. It is **not safe**! This solves it: http://stackoverflow.com/a/10804500/843732 – c00000fd Oct 08 '13 at 06:45

score 1 · Answer 4 · edited May 23 '17 at 12:01

1

I'm not sure if setting your Application Pool to run as the LocalSystem is a good idea from the security standpoint. One way to fix this error is to enable Load User Profile in Advanced settings for the Application Pool. Don't ask how long it took me to find it out...

Here's more details.

edited May 23 '17 at 12:01

Community

1
1

answered Oct 08 '13 at 06:44

c00000fd

20,994
29
177
400

score 0 · Answer 5 · answered May 29 '12 at 18:16

0

I was also experiencing this error within a web application which was using an IIS web application pool with domain credentials, but the "Load User Profile" was set to false. Once I set it to true, signtool.exe worked without issues.

answered May 29 '12 at 18:16

Rami A.

10,302
4
44
87

SignTool unexepected internal error

5 Answers5