Device Guard v2 not working properly

%3CLINGO-SUB%20id%3D%22lingo-sub-1819064%22%20slang%3D%22en-US%22%3EDevice%20Guard%20v2%20not%20working%20properly%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1819064%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20testing%20the%20new%20Device%20Guard%20v2%20signing%20feature.%20I%20can%20successfully%20sign%20the%20packages%2C%20but%20unable%20to%20install%20them.%20I've%20downloaded%20and%20imported%20the%20device%20guard%20root%20cert%20to%20all%20imaginable%20certificate%20stores%20without%20any%20luck%20following%20this%20article%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fmsix%2Fpackage%2Fsigning-package-device-guard-signing%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fmsix%2Fpackage%2Fsigning-package-device-guard-signing%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWindows%2010%2020H2.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1820685%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20Guard%20v2%20not%20working%20properly%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1820685%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F846219%22%20target%3D%22_blank%22%3E%40xenappblog%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20obtain%20the%20root%20certificate%20of%20Device%20Guard%20Signing%20version%202%3A%26nbsp%3B%3C%2FP%3E%0A%3CP%3E1.%20use%20the%20NuGet%20package%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.nuget.org%2Fpackages%2FMicrosoft.Acs.Dgss.Client%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3ENuGet%20Gallery%20%7C%20Microsoft.Acs.Dgss.Client%201.0.4%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E2.%20use%20the%20%E2%80%9CGet-RootCertificate%E2%80%9D%20command%20to%20obtain%20the%20root%20certificate%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20are%20still%20having%20issues%20please%20let%20us%20know.%20We%20will%20update%20our%20documentation%20accordingly.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThank%20you%2C%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EDian%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1824410%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20Guard%20v2%20not%20working%20properly%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1824410%22%20slang%3D%22en-US%22%3E%3CP%3ENo%20lucky%2C%20please%20advice%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1824568%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20Guard%20v2%20not%20working%20properly%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1824568%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F846219%22%20target%3D%22_blank%22%3E%40xenappblog%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPlease%20go%20the%20downloaded%20package%20folder%20and%20use%20the%20%E2%80%9CGet-RootCertificate%E2%80%9D%20command%20as%20follows%20in%20the%20Read%20me.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%20id%3D%22tinyMceEditorDian%20Hartono_1%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%20id%3D%22tinyMceEditorDian%20Hartono_0%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1824860%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20Guard%20v2%20not%20working%20properly%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1824860%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F144649%22%20target%3D%22_blank%22%3E%40Dian%20Hartono%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EIm%20having%20similar%20issues%3CBR%20%2F%3Eive%20managed%20to%20get%20the%26nbsp%3BMicrosoft.Acs.Dgss.Client%20module%20imported%20and%20running.%3C%2FP%3E%3CP%3Ei%20have%20followed%20the%20instructions%20listed%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fmsix%2Fpackage%2Fsigning-package-device-guard-signing%23register-your-app-in-the-azure-portal%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ERegister%20your%20app%20in%20the%20Azure%20Portal%3C%2FA%3E%26nbsp%3Bto%20configure%20the%20app%20registration%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewhen%20i%20run%20%22Get-RootCertificate%20-OutFile%20C%3A%5CTemp%5Crootcert.cer%20-appid%20%3CAPP%20client%3D%22%22%20guid%3D%22%22%3E%22%3C%2FAPP%3E%3C%2FP%3E%3CP%3Eafter%20signing%20in%2C%20i%20get%20an%20error%20stating%20that%20the%20reply%20URL%20is%20wrong%2C%20but%20that%20URL%20is%20not%20listed%20in%20the%20app%20registration%20documentation%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi,

 

I'm testing the new Device Guard v2 signing feature. I can successfully sign the packages, but unable to install them. I've downloaded and imported the device guard root cert to all imaginable certificate stores without any luck following this article - https://docs.microsoft.com/en-us/windows/msix/package/signing-package-device-guard-signing

 

Windows 10 20H2.

4 Replies

Hi @xenappblog 

 

To obtain the root certificate of Device Guard Signing version 2: 

1. use the NuGet package: NuGet Gallery | Microsoft.Acs.Dgss.Client 1.0.4 

2. use the “Get-RootCertificate” command to obtain the root certificate

 

If you are still having issues please let us know. We will update our documentation accordingly. 

 

Thank you, 

 

Dian 

No lucky, please advice

Hi @xenappblog 

 

Please go the downloaded package folder and use the “Get-RootCertificate” command as follows in the Read me. 

 

 

 

 

 

 

 

@Dian Hartono 
Im having similar issues
ive managed to get the Microsoft.Acs.Dgss.Client module imported and running.

i have followed the instructions listed here: Register your app in the Azure Portal to configure the app registration

 

when i run "Get-RootCertificate -OutFile C:\Temp\rootcert.cer -appid <App Client GUID>"

after signing in, i get an error stating that the reply URL is wrong, but that URL is not listed in the app registration documentation