SignerSign() failed. (-2146869243/0x80096005)

3

13

I've been signing compiled apps for several months and have a script that calls the Windows 10 SDK signtool. It's been working fine on two different computers and my certificate is valid. Today, I just started getting an "Unexpected internal error" with the error number listed above. I tried disabling antivirus which helped in this case but not mine.

My app is written in Delphi but I don't think that matters as this same problem was reported on Microsoft's Developer Community under Visual Studio. I had been using version 10.0.18362.0 of the SDK but after getting this error, found there's an update and tried version 10.0.19041.0 but got the same error.

Anyone else with this problem? Any suggestions?

Landsknecht answered 2/6, 2020 at 20:45 Comment(0)
33

Same here. The issue was the demise of the comodoca.com timestamp server.

I switched to using DigiCert:

"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\signtool.exe" sign /tr http://timestamp.digicert.com ...

UPDATE 2 (perplexed nailed it): comodoca.com actually still works fine; you just need to add a /td sha256 switch to your signtool.exe command, like this:

"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\signtool.exe" sign /tr http://timestamp.comodoca.com /td sha256 ...

It seems DigiCert is throttling the number of timestamps they give out anyway, so I had to switch back. BTW, note that you can still use any digital cert from any cert authority; it doesn't have to be from DigiCert to use their timestamp server.

Neaten answered 2/6, 2020 at 23:55 Comment(8)
Thank you! That was indeed the problem! - Landsknecht
Here's more information I just found out: Need to use /?td=sha256 : timestamp.comodoca.com/?td=sha256 - the SHA1 server has been deprecated as of May 30, 2020 (all the SHA1 roots have now expired) - Landsknecht
Jon, could you put David's information in the answer? That solution worked for me without changing the timestamp server - Paco
THANK YOU! This just started happening to me too. That's 4 hours of my life I'll never get back. - Neibart
David's answer is not working for me. I tried using "timestamp.comodoca.com/?td=sha256" and it failed. Changing it to .digicert. works. - Neibart
I actually didn't try adding the "sha256" parameter but simply switched to using digicert. I was just passing along information I found on the VS developer community forum. - Landsknecht
Please have a look at the note published on the Comodo (now Sectigo) knowledge base: "If you are signing several pieces of software with a script, please add a delay of 15 seconds or more between signings so that you're not hammering our servers." available here: support.sectigo.com/… - Crucifix
The only change needed is the use of the argument string '/td sha256' for signtool. Any suffix (such as /?td=sha256 mentioned in some of the prior comments) for timestamp.comodoca.com appears to be unnecessary. - Obtrude
6

"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\signtool.exe" sign /tr http://timestamp.sectigo.com/?td=sha256 /td sha256 ....

The /?td=sha256 is actually working, but I recommend using their new domain name, http://timestamp.sectigo.com, and you need to add the extra parameter /td sha256.

Bainite answered 4/6, 2020 at 20:42 Comment(0)
0

Changing the password in the Authentication Client worked for me to get past this error.

Fleshings answered 12/3 at 21:38 Comment(0)
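
A batch-signing loop that pulls together what the answers and comments above describe, written as an added PowerShell example rather than code posted by anyone in the thread: RFC 3161 timestamping with /tr followed by /td sha256, fallback from one timestamp server to the next, and the 15-second pause from the Sectigo note. The file names and the /a certificate selection are assumptions; the signtool path and server URLs are the ones quoted above.

```powershell
# Added example, not from the thread. $Files and $CertArgs are placeholders to adapt.
$SignTool = 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\signtool.exe'
$CertArgs = @('/a')                                        # assumption: signtool picks the certificate
$Files    = @('.\build\MyApp.exe', '.\build\MyHelper.dll') # hypothetical build outputs
$Servers  = @('http://timestamp.sectigo.com', 'http://timestamp.digicert.com')
$DelaySec = 15                                             # pause between signings, per the Sectigo note

function Invoke-TimestampedSign {
    param([string]$File, [string[]]$Urls)
    foreach ($url in $Urls) {
        # /tr selects an RFC 3161 timestamp server; /td sha256 has to come after /tr.
        & $SignTool sign @CertArgs /fd sha256 /tr $url /td sha256 $File | Out-Host
        if ($LASTEXITCODE -eq 0) { return $url }
        Write-Warning "signtool exit code $LASTEXITCODE with $url; trying the next server"
        Start-Sleep -Seconds $DelaySec
    }
    throw "Signing failed for $File with every timestamp server"
}

function Test-TimestampedSignature {
    param([string]$File)
    $sig = Get-AuthenticodeSignature -FilePath $File
    # Without a countersignature the file validates only until the signing certificate expires,
    # so a missing timestamp is treated as a build failure here.
    return ($sig.Status -eq 'Valid') -and ($null -ne $sig.TimeStamperCertificate)
}

$first = $true
foreach ($file in $Files) {
    if (-not $first) { Start-Sleep -Seconds $DelaySec }
    $first = $false
    $used = Invoke-TimestampedSign -File $file -Urls $Servers
    if (-not (Test-TimestampedSignature -File $file)) {
        throw "$file is signed but carries no valid timestamp"
    }
    Write-Host "$file signed and timestamped via $used"
}
```

The fallback also fires when signing fails for a reason unrelated to the timestamp server, such as a certificate or token problem, so read the signtool output before assuming the server is at fault.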
