User Profile
GrahamGB
Iron Contributor
Joined Jun 20, 2022
User Widgets
Recent Discussions
Re: Signing MSIX packages with Azure Trusted Signing Accounts
Have since identified that Trusted Signing Installer .msi doesn't install the correct configuration of dlib and compatible sign tool. Installing the latest sign tool 10.0.26610.3328 and dlib 1.0.68.0 using nuget packages overcomes the issue. Microsoft are updating documentation to reflect this, including ensuring that explicit paths to each component is set and calling signtool from the folder it resides in. & .\signtool.exe sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "<Path to Trusted Signing dlib bin folder>\x64\Azure.CodeSigning.Dlib.dll" /dmdf "<Path to metadata file>\metadata.json" <File to sign>915Views1like1CommentRe: Signing MSIX packages with Azure Trusted Signing Accounts
Using a self-sign certificate is only useful for test purposes to ensure the MSIX file isn't corrupt or something. My issue is that the Trusted Signing Client Tools does not allow me to sign the MSIX file, which is the requirement I want to exploit for our used case in the future. It's something a support case will help with if anyone else hasn't overcome this issue.86Views1like0CommentsRe: Signing MSIX packages with Azure Trusted Signing Accounts
I've had the same issue on both a VM Fusion Win10 VM as a Parralels Win11 VM, although I can successfully use s self signed certificate and install the package, using the same subject name listed in the certificate profile.376Views0likes2CommentsRe: Signing MSIX packages with Azure Trusted Signing Accounts
I have matched the Publisher details exactly with the same result. I have also tried to create an unsigned package using the same OID detailed https://learn.microsoft.com/en-us/windows/msix/package/unsigned-package. And it doesn't help when then trying to sign the package using the signer role. I can see that someone has previously managed to sign an MSIX using the trusted signing account but with different https://learn.microsoft.com/en-us/answers/questions/1665128/how-do-i-fix-azure-trusted-service-account-error-w?page=1&orderby=Helpful&comment=answer-1517331#newest-answer-commentfaced, but those suggestions haven't resolved the issue.403Views0likes5CommentsSigning MSIX packages with Azure Trusted Signing Accounts
I have a requirement to sign an MSIX package without access to a code signing certificate. I have successfully signed a powershell script using the Azure Trusted Signing Account: https://learn.microsoft.com/en-us/azure/trusted-signing/how-to-signing-integrations however when trying to sign either an exe of MSIX, i receive the signtool error: This file format cannot be signed because it is not recognized. Whereas the signtool documentation clearly states that .appx / .msix packages can be signed with this crypto tooling. There is no additional information in the AppX event viewer operational or debug areas that I can see. I have ensured that the publisher details match that of the certificate profile listed under the Trusted Signing Account resource in the Microsoft Packaging Tool, albeit I set a application specific publisher display name instead. Has anyone had any success using this process?Solved1.1KViews0likes11CommentsRe: MSIX Packageing Tool / signtool certificate issues
TIMOTHY_MANGAN, the script you are referring to, is that the same as in the msix toolkit to change certs and publisher information? I recently opened a thread related to this but not sure if itd the same script you had issued with.342Views0likes0CommentsMECM Supersedence issues with resigned MSIX packages
Without access to a time stamp server solution, we've needed to re-sign a selection of MSIX packages deployed to windows 10 devices with a new code signing certificate previously. That time has come around again and thinking ahead as we prepare for windows 11, we know the list of packages will increase as we convert more AppV packages, a review of the MSIX toolkit has been started. A couple of observations, I'll also place on the github https://github.com/microsoft/MSIX-Toolkit/issues list, perhaps somecan provide feedback and sights in to. jvintzel Firstly the packages get updates with the new certificate and publisher information as checked using the get-appxpackage cmdlet; however the publisherid is not substituted in the msix package name as per the MPT default naming standard when saving msix packages, so these have needed to be renamed with another powershell script afterwards. Secondly, we have seen some unexpected results when deploying the resigned packages via MECM targeting the previously signed application with supersedence rules to swap the packages around without an application version update. Scenarios where with the uninstall tick box selected the previous package is removed but MECM doesn't proceed to attempt to install the new replacement package. Or the uninstall selection is not made an the update results in the new package passing for detection but leaving only the previous package actually installed. Whilst I know some of this could be added to a MECM community thread, any shared experiences with using the toolkit would be welcome.149Views0likes0CommentsWindows Desktop (App) Runtime with latest MSIX Packaging Tool
I've noticed with the latest v1.2023.1212.0 release of the MSIX Packaging Tool, that several applications are now presenting the dependency for Microsoft.Windows.AppRuntime.1.4 where the same application version would not have presented this in the manifest in the earlier version of the tool. There is no mention of this in the release notes, as a consideration, and thought this would normally be added automatically if the packaged application indicated this requirement in their own release notes. The application works as expected without the runtime installed on the device, if this omitted from the manifest manually using the Package Editor. Any thoughts / justification / considerations to excluding this?Solved4.6KViews2likes3CommentsRe: MSIX Packaging Tool - Package Analyzer
@Fizaami, i've tried closing the MSIX Packaging tool down uninstalled the MSIX package that had been installed from the Temp folder but after re-launching MSIX Packaging Tool, the Package Analyzer still cycles at the same point suggesting it hasn't finished installing. I have also used the "Delete all temp files and logs generated" from within the Data and Settings options before re-attempting to no-avail. Does the Package Analyzer rely on internet connectivity in some way? Are there any considerations for disconnected environments?1.8KViews0likes2CommentsRe: MSIX Packaging Tool - Package Analyzer
That's what I expected to find, although there are no errors, and the only warnings appear in AppxPackaging/Operational related to Declared namespaces which are inapplicable, and will be ignored during manifest processing. I have some earlier errors prior to me starting the analysis related to AppExecutionAlias directory missing, with an an error code 0x8007010B, but appears at points where I had upgraded the MSIX Packaging Tool in the disconnected environment with the latest stable release.1.8KViews1like4CommentsRe: MSIX Packaging Tool - Package Analyzer
I had to use the Get-AppxLog -all parameter to see the related output, but the information above seemed to be the last time stamped relevant output. Prior to that it appears have finished the Add operation, and I am able to launch the application from the start menu, but I see no way to nudge the "Installing MSIX Package" prompt along along. If I cancel it, i can't resume again, as selecting "Analyze Package" again fails as the application is already installed.1.8KViews1like0CommentsRe: MSIX Packaging Tool - Package Analyzer
Thanks for this TIMOTHY_MANGAN, having checked the event viewer over, the last entry in the AppXDeploymentServer\Operational area highlights some information that there some remaining cost associated with the Deployment Add operation on my package that potentially un-accounted for? I have something similar to the article mentioned here. https://techcommunity.microsoft.com/t5/msix/what-is-the-quot-gap-quot-and-how-do-i-eliminate-it/m-p/2873569#M2758 Performance summary of Deployment Add operation on Package DemoApp_3.10.0.0_x64__xxxxxxxxxxxxx: Overall time: 12984 ms Enqueue cost: 531 ms Dequeue delay: 78 ms Bundle processing cost: 0 ms Indexing cost: 625 ms Resolve dependency cost: 31 ms Check approval cost: 47 ms Evaluation cost: 985 ms Hardlinking evaluation cost: 31 ms Gap: 15 ms Stage required cost: 7203 ms Flushing and closing files cost: 0 ms Gap: 157 ms Machine register cost: 265 ms Stage user data cost: 78 ms Gap: 47 ms Registration cost: 1313 ms Gap: 78 ms Repository commit transaction cost: 1047 ms Gap: 390 ms Data flush cost: 16 ms Post DeStage repository commit transaction cost: 0 ms Remaining cost: 94 ms1.8KViews0likes7CommentsRe: What is the "gap" and how do I eliminate it?
Aditi_Narvekar / MikeH what was the end result of this, as I have similar experiences with the Package Analyzer stalling after apparently successfully installing the MSIX package. https://techcommunity.microsoft.com/t5/msix/msix-packaging-tool-package-analyzer/m-p/4038759#M3988716Views0likes2CommentsMSIX Packaging Tool - Package Analyzer
I was using the 1.2023.1005 release of MSIX Packaging Tool after the October and November announcements and trying to experiment with the new Package Analyzer capabilities with a packaged MSIX through the Package Editor options. However, when I initiate the Analyze Package option from the Package Editor, it moves through creating the temporary MSIX package, which I can see is created in %Appdata%/Local/Temp/MsixPackagingTool/DiagOutDir/Logs_*number*\ along with a number of other files including a config.json & other manifest files. However once it moves the progress to Install MSIX Package it seems to stall. The log file in the same temporary folder location, denotes the last entries show that it successfully signed the .MSIX package without warnings or errors, however there is no further information listed showing it is doing something. I am carrying this analysis out in a HyperV virtual machine and have tried increasing the assigned memory from 2048mb to 4096mb and it isn't trying to use all that much of that. In the absence of an up to date HyperV Quick Create iso image with an up to date MSIX Packaging Tool configured with this update, I have configured this in a disconnected environment. I have since seen the recent updates including some bug fixes with version 1.2023.1212.0 and initially having installed this update, one of the MSIX packages I was trying to analyse passed through all the expected steps and return no fixup recommendations. However checking other packages has resulted in the same progress bar stuck at Installing MSIX Package and after reverting the snapshots and trying with the same successful package it has hit similar issues. Clearing the temporary files in the Settings area, doesn't appear to have helped either. Are there any checks I need to make in terms of configuration to make this more reliable?2.6KViews0likes9CommentsRe: Microsoft Office add-in deployment using MSIX
Seems I've found the Feedback hub for MSIX as it still exists. https://techcommunity.microsoft.com/t5/msix-feedback/idb-p/MSIXIdeas Although the MSIX discussions are now aligned under Windows IT Pro Blog, as part of this change: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/realigning-the-msix-tech-community/ba-p/32442723.6KViews0likes0CommentsRe: Microsoft Office add-in deployment using MSIX
John Vintzel what is the link to the blog for Office that you suggest would track formal announcements for Office adopting MSIX, as this conversation is already in the MSIX discussion community area as there isn't a dedicated Blog for MSIX?3.7KViews0likes1Comment
Recent Blog Articles
No content to show