So after 2 days of scouring the internet searching everything from Google to Experts-Exchange, I have finally resolved my issue.
It all started when I was running our routing build scripts which contain code to automatically call signtool.exe to sign our DLL, EXE and MSI files.
Our calls look very similar to what you would see in the signtool documentation. We have purchased our code signing certification through GoDaddy but had another one through Verisign before hand
In our project file we setup our parameters up top:
<PropertyGroup>
<signtool>"..\tools\signtool.exe"</signtool>
<signoptions>sign /f ..\YOUR_KEY_FILE.pfx /p YOUR_PASSWORD /t http://tsa.starfieldtech.com</signoptions>
</PropertyGroup>
We would then make a call below as follows:
<target>
<Exec Command="$(signtool) $(signoptions) PATH\FILENAME.msi"/>
</target>
This resulted in the following output:
C:\src\Hekili\DotNetEngine>..\tools\signtool.exe sign /f ..\YOUR_KEY_FILE.pfx /p YOUR_PASSWORD /t http://www.starfieldtech.com PATH\FILE.exe
Done Adding Additional Store
SignTool Error: The specified timestamp server could not be reached.
SignTool Warning: Signing succeeded, but an error occurred while attempting to
timestamp: PATH\FILE.exe
Number of files successfully Signed: 1
Number of warnings: 1
Very weird in the fact that the EXE was properly signed when called from the command prompt but still gave errors.
Finally I decided to run WindowsUpdate and found that my Windows XP root certificates were out of date. This was causing a delay while trying to reach http://www.starfieldtech.com and it was just enough to cause signtool.exe to fail but also properly sign the EXE when response was finally received from the timestamp server.
Lesson learned: Always make sure your machine is up to date before digging into ambiguous network issues.
--TR
So, this did not seem to resolve the issue. Now I am getting the below random errors:
Here is the error I am getting. I put pauses before each sign and I still get it. It errors out on a different file each time. The past 5 times I have run it, it error out on FILE1.dll, FILE3.dll, FILE4.dll, FILE2.dll and now FILE8.dll.
If any of you know of good channels to submit this feedback to let me know. If you do submit this PLEASE remove the name of our certificate and the password from the below output.
Successfully signed and timestamped: working\output\FILE8.dll
Microsoft Windows XP [Version 5.1.2600]
Microsoft Windows XP [Version 5.1.2600]
Done Adding Additional Store
Number of files successfully Signed: 1
Number of warnings: 1
EXEC : SignTool error : The specified timestamp server could not be reached.
EXEC : SignTool warning : Signing succeeded, but an error occurred while attemp
ting to
timestamp: working\output\FILE8.dll
C:\PATHi\PROJECT.proj(331,5): error MSB3073: The command ""..\tool
s\signtool.exe" sign /f ..\Key.pfx /p PASSWORD /t h
ttp://tsa.starfieldtech.com working\output\FILE8.dll" exited with cod
e 2.
Done Building Project "C:\PATH\PROJECT.proj" (postTest target(s))
-- FAILED.
Build FAILED.
"C:\PATH\PROJECT.proj" (postTest target) (1) ->
(sign target) ->
EXEC : SignTool warning : Signing succeeded, but an error occurred while attempting to
"C:\PATH\PROJECT.proj" (postTest target) (1) ->
(sign target) ->
EXEC : SignTool error : The specified timestamp server could not be reached.
C:\PATH\PROJECT.proj(331,5): error MSB3073: The command ""..\to
ols\signtool.exe" sign /f ..\Key.pfx /p PASSWORD /t
http://tsa.starfieldtech.com working\output\FILE8.dll" exited with c
ode 2.
1 Warning(s)
2 Error(s)
Time Elapsed 00:02:39.93
I have seached for 2 days trying to find out what is wrong.
I can ping starfieldtech.com with no problem. It errors out randomly on a different file each time.
After contacting GoDaddy they informed me that they do not support certificates. Odd considering that they sell them............
Posted by: TR | 11/30/2009 at 02:01 PM
After exhausting review of this issue I think I have narrowed it down to the problem. I am running this XP machine as a virtual machine using VMware. The virtual machine is running on the same server as our RRAS/VPN server which is also running a replicated local DNS Server. In this configuration I believe the VMware virtual network adapter is experiencing DNS latency issues at sporadic times thus giving the server timeout issue I was receiving in my errors. I will move my VM to a new host machine and post my results.
--TR
Posted by: TR | 12/03/2009 at 01:32 PM
Moving the VM to a new machine worked. Looks like a VMware bug in a rare case.
--TR
Posted by: Ryan | 12/09/2009 at 12:44 PM