Forum Discussion
The ms-appinstaller protocol has been disabled.
I just found out that users can no longer install my MSIX from my website. This is a WPF application packaged with "Windows Application Packaging Project" (wapproj). When users click the "Get the app" button they now see the error below saying the protocol has been disabled. Why is this? Is this permanent? Is there a way to enable it?
There's a short mention of this in the docs but it doesn't mention why this is happening or how to enable it.
Installing Windows 10 apps from a web page - MSIX | Microsoft Docs
Is this no longer supported?
<html>
<body>
<h1> MyApp Web Page </h1>
<a href="ms-appinstaller:?source=http://mywebservice.azureedge.net/HubApp.msix"> Install app package </a>
<a href="ms-appinstaller:?source=http://mywebservice.azureedge.net/HubAppBundle.msixbundle"> Install app bundle </a>
<a href="ms-appinstaller:?source=http://mywebservice.azureedge.net/HubAppSet.appinstaller"> Install related set </a>
</body>
</html>
The ms-appinstaller protocol has been disabled. Please ask the vendor to update the weblink. For more information go to aka.ms/ms-appinstaller-disabled
bvenhaus Thank you for your question. We removed the ms-appinstaller custom scheme due to a security vulnerability. We do intend to bring this back, and are working on it. For now, you can update the link on your website by removing 'ms-appinstaller:?source='
<html> <body> <h1> MyApp Web Page </h1> <a href="http://mywebservice.azureedge.net/HubApp.msix"> Install app package </a> <a href="http://mywebservice.azureedge.net/HubAppBundle.msixbundle"> Install app bundle </a> <a href="http://mywebservice.azureedge.net/HubAppSet.appinstaller"> Install related set </a> </body> </html>
55 Replies
For anybody that is still having issues with this here is how I temporarily solved this problem.
When my application starts up it checks the version number (manually maintained in my App.xaml) against the version hosted on our webserver. If there is an updated version it downloads a zip file with msix and the generated shell scripts. It then upzips the files and runs the shell script through PowerShell to install the new version.Note that this requires the device be in developer mode because executing the shell script is considered installing from an unknown publisher. I'm sure somebody smarter than me could find a work around that doesn't require developer mode (if so reply so I can make the changes).
- You might want to try signing the powershell scripts. We looked into doing that (for other reasons) a while back and it made windows significantly happier when it came to uac issues.
- FYI, there is now a blog post about this:
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/disabling-the-msix-ms-appinstaller-protocol-handler/ba-p/3119479
- Thanks for sharing this information. Are you willing to share your scripts (genericized for security concerns of course) and/or provide further details? Unfortunately, it won't help us much as we were in the early stages of an initial rollout so 90% of our users community would not be able to use this workaround but it may help others with an established user base. This Microsoft created debacle also impacts new installs from the internet which use the same protocol, so we are unable to move forward.
hrb-2You can see my solution here https://github.com/MicrosoftDocs/msix-docs/issues/59#issuecomment-832260691
It does not use shell scripts (which also means it does not require developer mode) but you should be able to work out how to change that.
This is a workaround for a much older
bugfeature but it works here too.While we are on the subject, if you are manually editing your appinstaller file and/or your users are doing a lot of patching or installing at the moment, it is worth paying attention to this one as well: https://stackoverflow.com/questions/64381453/appinstaller-xml-issue/67390614#67390614
- We are also being affected by this with our packaged and signed WPF .Net Core application. I hope a real resolution is reached soon.
This is completely unacceptable for an installation technology. MSIX team: if you’re not willing to properly support AppInstaller, please put it it out of its misery.
- Reilly, while I agree completely with you about the support being unacceptable, the proper action would be to make it work no matter how many band-aids are required until an acceptable replacement is available. For UWP apps the writing may be on the wall anyway. This is starting to feel a lot like Silverlight. I only hope that we get a fix to carry us over till a re-write can be done in another technology. A company that can spend 67.8 BILLION on an acquisition but does not supply the necessary resources to fix an internal problem has lost interest in that product.
hrb-2 Maybe for UWP. Our UWP line of business App is actually in the Windows Store (well Windows Store for Business), but this was such a simpler solution. And Microsoft pushed the Windows Application Packaging Platform for everything so we have been using it to sideload WPF projects, but NoooOo.. They gotta break it just when things were getting easier to deploy. Unbelievable.. lol actually totally believable.
- Microsoft,
How do we auto update side loaded UWP / WinUI3 Apps now that you have disabled this?
How long will this be disabled for? it is a critical feature. To anyone else facing implementing a workaround and is using Azure pipelines:
here is a yaml task that will edit the generated html to remove the protocol and include explicit instructions that the button will cause a download, and the downloaded file should be run.
Anonymized example from my implementation:
And here is the task:
- task: PowerShell@2 inputs: targetType: 'inline' script: | $x = gci -Recurse *.html $page = get-content $x $newpage = $page | foreach { [regex]::Replace( $_,'ms-appinstaller\:\?source\=','' ) } $newpage = $newpage | foreach { [regex]::Replace( $_,'(<div class.*app-description[^<]*</div>)','$1'+[System.Environment]::NewLine+'<div class="insert instructions"><p style="color:red" >Installation instructions:<br>1. Click the install button to begin download of installer file<br>2. After download completes run installer file to install application</p></div>' ) } set-content $x -Value $newpageNote that there may be more efficient ways of accomplishing this, but I went with what I knew and could make generic.
- Thanks for this.
Do you know if the auto update feature to work still when applying this work around?
I am using the AppInstallerUpdateFrequency msbuild argum in my build pipeline.- JamievanWalsum -- as far as I know, the auto update will still work. Our apps that have been converted to msix don't have frequent updates right now, so I don't know from first hand experience yet. If I run into issues, I will post here.
- Our Microsoft Store app package for sideloading on our website has this issue.
If my understanding is correct, we just need to remove "ms-appinstaller:?source=" in index.html generated by Visual Studio.
In other words:
Change
<a href='ms-appinstaller:?source=https://www.mydomain.com/download/myapp.appinstaller'>
to
<a href='https://www.mydomain.com/download/myapp.appinstaller'>
- Updates do work, yes. The .appinstaller file helpfully contains its own URL and that's what's used for update checking.
Do you have a timeframe on when this will be addressed?
We have an .exe that is shipped on thousands of 3rd party drives that calls an ms-appinstaller link through the shell (no browser or web page involved). There isn't a way for us to just "update" the URL to not use ms-appinstaller.
- I'm affected by this bas well. Can we have a timeline for when this is likely to be fixed?
Aditi_Narvekar - As MSIX is the flagship technology for deploying and updating Microsoft applications, I hope M$ is taking what amounts to a service outage as a very high priority. This issue has broken our entire devops workflow and is affecting user confidence in the solution. The additional manual steps required as a workaround at the moment are not appropriate for our user base.
- Anyone found a workaround for the wapproj generated html? I dont love having to edit it every time I deploy a test build.
Aditi_NarvekarMicrosoft
bvenhaus Thank you for your question. We removed the ms-appinstaller custom scheme due to a security vulnerability. We do intend to bring this back, and are working on it. For now, you can update the link on your website by removing 'ms-appinstaller:?source='
<html> <body> <h1> MyApp Web Page </h1> <a href="http://mywebservice.azureedge.net/HubApp.msix"> Install app package </a> <a href="http://mywebservice.azureedge.net/HubAppBundle.msixbundle"> Install app bundle </a> <a href="http://mywebservice.azureedge.net/HubAppSet.appinstaller"> Install related set </a> </body> </html>@Aditi Now it has been more than a month - should MS be providing some updates on this issue???
It now has over 14,000 views - given how specific the issues is it would seem unlikely these are accidental occurrences and the impact is growing and being noticed. It is bad enough that the temporary fix of just cutting everyone off is most likely worse than the disease, but not informing folks of any progress on a fix implies a complete lack of progress and caring about the problems your customers are facing.Aditi_Narvekar Could you provide us any additional information on this? This has serious implications on how we distribute certain apps.
Can you at least confirm at least if it will eventually be restored? I understand if you cannot provide a timeline yet but we would like to know so we can plan accordingly. I would hate to go through the trouble of implementing an alternative (albeit less effective) approach only to have it restored shortly afterwards.
Thanks.
Ernie
- I've now opened a business support ticket on this from my company's support contract and set it to Sev-A, Critical Impact. I'll post here if I get traction.
Aditi_Narvekar could you please restore this functionality ASAP? This was a major sweeping break of what must be thousands of apps, if not more.
If the issue is unsigned apps using ms-appinstaller and carrying a malicious payload, please mitigate by disabling unsigned apps. If the issue is an EV certificate signed app using ms-appinstaller and carrying a malicious payload, please use certificate revocation to address the vulnerability.
I switched my application to use MSIX and an EV certificate because this is the best practice and most up to date tooling (via Visual Studio) for distributing a Windows app outside of the MS Store. This action has revoked, without notification, the proper way to securely distribute non-public Windows apps.
The cure is more harmful than the disease in this case.- I wonder if Aditi_Narvekar understands the implication for Microsoft customers with this issue? It would also be good for a reply to Jay Beavers' request.
It leaves our customers in a vulnerable situation by not being able to receive security updates to the framework, downloading the app is not a viable option - please restore this prootocol asap, we will all be losing business caused by this issue.
