Error 0x80091005 when signing msix

%3CLINGO-SUB%20id%3D%22lingo-sub-2060991%22%20slang%3D%22en-US%22%3EError%200x80091005%20when%20signing%20msix%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2060991%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20trying%20to%20sign%20an%20msix%20file%20I've%20created%2C%20however%20the%20signtool%20keeps%20giving%20me%20an%20error%3A%3C%2FP%3E%3CP%3ESignTool%20Error%3A%20An%20unexpected%20internal%20error%20has%20occurred.%3CBR%20%2F%3EError%20information%3A%20%22Error%3A%20SignerSign()%20failed.%22%20(-2146889723%2F0x80091005)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20publishername%20of%20the%20msix%20matches%20the%20subjectname%20of%20my%20certificate.%3C%2FP%3E%3CP%3EI%20cannot%20find%20any%20entries%20in%20eventlog%3A%3C%2FP%3E%3CP%3EPS%20C%3A%5CUsers%5CRobin%26gt%3B%20Get-WinEvent%20-ProviderName%20%22Microsoft-Windows-AppxPackagingOM%22%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EProviderName%3A%20Microsoft-Windows-AppxPackagingOM%3C%2FP%3E%3CP%3ETimeCreated%20Id%20LevelDisplayName%20Message%3CBR%20%2F%3E-----------%20--%20----------------%20-------%3CBR%20%2F%3E1%2F14%2F2021%203%3A28%3A34%20PM%20181%20Information%20The%20reader%20was%20created%20successfully%20without%20manifest%20validation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEnhanced%20Key%20Usage%20string%3A%26nbsp%3BCode%20Signing%20(1.3.6.1.5.5.7.3.3)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESigning%20.msi%2C%20.exe%2C%20.ps1%20works%20fine%20with%20the%20certificate.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20help%20me%20with%20this%3F%20Is%20something%20wrong%20with%20the%20certificate%2C%20or%20am%20I%20doing%20something%20wrong%20in%20the%20msix%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2061221%22%20slang%3D%22en-US%22%3ERe%3A%20Error%200x80091005%20when%20signing%20msix%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2061221%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F929123%22%20target%3D%22_blank%22%3E%40RobinRamaekers%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFrom%20what%20I%20know%20under%20Event%20viewer%20you%20can%20only%20find%20logs%20regarding%20your%20MSIX%20installation%2Funinstallation%20-%20not%20the%20build%20process.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBack%20to%20signing.%20These%20errors%20are%20the%20hardest%20to%20pinpoint%20and%20signtool%20does%20not%20help%20at%20all.%3CBR%20%2F%3E%3CBR%20%2F%3ETry%20to%20extract%20(with%207-zip)%20the%20contents%20of%20MSIX%20package%20and%20sign%20the%20files%20directly%20(update%20the%20script%20to%20recursively%20sign%20each%20file%20from%20the%20extracted%20folder).%20If%20this%20works%2C%20at%20least%20you%20can%20exclude%20a%20common%20error%20where%20the%20MSIX%20contains%20%3CA%20href%3D%22https%3A%2F%2Fwww.advancedinstaller.com%2Fuser-guide%2Ffaq-digital-signature.html%23question77%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Einvalid%20PE%20files%3C%2FA%3E.%20Usually%2C%20this%20should%20give%20a%20different%20error%20code%20from%20Signtool%2C%20but...%3CBR%20%2F%3E%3CBR%20%2F%3EOptionally%2C%20try%20to%20build%20another%20MSIX%20package%20to%20see%20if%20the%20problem%20is%20manifesting%20for%20any%20package%20or%20just%20this%20one.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi,

 

I'm trying to sign an msix file I've created, however the signtool keeps giving me an error:

SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2146889723/0x80091005)

 

The publishername of the msix matches the subjectname of my certificate.

I cannot find any entries in eventlog:

PS C:\Users\Robin> Get-WinEvent -ProviderName "Microsoft-Windows-AppxPackagingOM"


ProviderName: Microsoft-Windows-AppxPackagingOM

TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
1/14/2021 3:28:34 PM 181 Information The reader was created successfully without manifest validation.

 

Enhanced Key Usage string: Code Signing (1.3.6.1.5.5.7.3.3)

 

Signing .msi, .exe, .ps1 works fine with the certificate.

 

Can anyone help me with this? Is something wrong with the certificate, or am I doing something wrong in the msix?

 

 

2 Replies

Hi @RobinRamaekers 

 

From what I know under Event viewer you can only find logs regarding your MSIX installation/uninstallation - not the build process.

 

Back to signing. These errors are the hardest to pinpoint and signtool does not help at all.

Try to extract (with 7-zip) the contents of MSIX package and sign the files directly (update the script to recursively sign each file from the extracted folder). If this works, at least you can exclude a common error where the MSIX contains invalid PE files. Usually, this should give a different error code from Signtool, but...

Optionally, try to build another MSIX package to see if the problem is manifesting for any package or just this one.

 

@Bogdan Mitrache I was able to sign. Looks like I was using the 32-bit signtool.exe, when I switched over to the 64-bit it seemed to work.