Skip to content

Signing process randomly fails #1027

Description

@weakve

When using sign tool in the pipelines, we've noticed that have been some problems with it, specifically since today. It fails to reach a service (not sure which one, we are using it for azure artifact signing) and later fails with permission denied error when deleting tmp files. Here is part of the log file:

[2026-06-10T21:10:10.156Z]       Service request failed.
[2026-06-10T21:10:10.156Z]       Status: 200 (OK)
[2026-06-10T21:10:10.156Z]       
[2026-06-10T21:10:10.156Z]       Content:
[2026-06-10T21:10:10.156Z]       {"operationId":"83b46f4d-598c-41d7-ab6d-5435aeef96d8","status":"Failed","signature":null,"signingCertificate":null,"counterSignature":null}
[2026-06-10T21:10:10.156Z]       
[2026-06-10T21:10:10.156Z]       Headers:
[2026-06-10T21:10:10.156Z]       Date: Wed, 10 Jun 2026 13:10:47 GMT
[2026-06-10T21:10:10.156Z]       Transfer-Encoding: chunked
[2026-06-10T21:10:10.156Z]       Connection: keep-alive
[2026-06-10T21:10:10.156Z]       Server: Kestrel
[2026-06-10T21:10:10.156Z]       Retry-After: 1
[2026-06-10T21:10:10.156Z]       Strict-Transport-Security: REDACTED
[2026-06-10T21:10:10.156Z]       mise-correlation-id: REDACTED
[2026-06-10T21:10:10.156Z]       Operation-Location: REDACTED
[2026-06-10T21:10:10.156Z]       api-supported-versions: REDACTED
[2026-06-10T21:10:10.156Z]       Content-Type: application/json; charset=utf-8
[2026-06-10T21:10:10.156Z]       
[2026-06-10T21:10:10.156Z]       Azure.RequestFailedException: Service request failed.
[2026-06-10T21:10:10.156Z]       Status: 200 (OK)
[2026-06-10T21:10:10.156Z]       
[2026-06-10T21:10:10.156Z]       Content:
[2026-06-10T21:10:10.156Z]       {"operationId":"83b46f4d-598c-41d7-ab6d-5435aeef96d8","status":"Failed","signature":null,"signingCertificate":null,"counterSignature":null}
[2026-06-10T21:10:10.157Z]       
[2026-06-10T21:10:10.157Z]       Headers:
[2026-06-10T21:10:10.157Z]       Date: Wed, 10 Jun 2026 13:10:47 GMT
[2026-06-10T21:10:10.157Z]       Transfer-Encoding: chunked
[2026-06-10T21:10:10.157Z]       Connection: keep-alive
[2026-06-10T21:10:10.157Z]       Server: Kestrel
[2026-06-10T21:10:10.157Z]       Retry-After: 1
[2026-06-10T21:10:10.157Z]       Strict-Transport-Security: REDACTED
[2026-06-10T21:10:10.157Z]       mise-correlation-id: REDACTED
[2026-06-10T21:10:10.157Z]       Operation-Location: REDACTED
[2026-06-10T21:10:10.157Z]       api-supported-versions: REDACTED
[2026-06-10T21:10:10.157Z]       Content-Type: application/json; charset=utf-8
[2026-06-10T21:10:10.157Z]       
[2026-06-10T21:10:10.157Z]          at Azure.Core.OperationInternals.UpdateStatusAsync(Boolean async, CancellationToken cancellationToken)
[2026-06-10T21:10:10.157Z]          at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
[2026-06-10T21:10:10.157Z]          at Azure.Core.OperationInternals.UpdateStatus(CancellationToken cancellationToken)
[2026-06-10T21:10:10.157Z]          at Azure.CodeSigning.CertificateProfileSignOperation.UpdateStatus(CancellationToken cancellationToken)
[2026-06-10T21:10:10.157Z]          at Azure.Core.OperationPoller.WaitForCompletionAsync(Boolean async, Operation operation, Nullable`1 delayHint, CancellationToken cancellationToken)
[2026-06-10T21:10:10.157Z]          at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
[2026-06-10T21:10:10.157Z]          at Azure.Core.OperationPoller.WaitForCompletion[T](Operation`1 operation, Nullable`1 delayHint, CancellationToken cancellationToken)
[2026-06-10T21:10:10.157Z]          at Azure.Operation`1.WaitForCompletion(CancellationToken cancellationToken)
[2026-06-10T21:10:10.157Z]          at Sign.SignatureProviders.ArtifactSigning.RSAArtifactSigning.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/Sign.SignatureProviders.ArtifactSigning/RSAArtifactSigning.cs:line 64
[2026-06-10T21:10:10.157Z]          at AzureSign.Core.AuthenticodeKeyVaultSigner.SignCallback(IntPtr pCertContext, IntPtr pvExtra, UInt32 algId, Byte[] pDigestToSign, UInt32 dwDigestToSign, CRYPTOAPI_BLOB& blob)
[2026-06-10T21:10:10.157Z]          at AzureSign.Core.Interop.mssign32.SignerSignEx3(SignerSignEx3Flags dwFlags, SIGNER_SUBJECT_INFO* pSubjectInfo, SIGNER_CERT* pSignerCert, SIGNER_SIGNATURE_INFO* pSignatureInfo, IntPtr pProviderInfo, SignerSignTimeStampFlags dwTimestampFlags, Byte* pszTimestampAlgorithmOid, Char* pwszHttpTimeStamp, IntPtr psRequest, Void* pSipData, IntPtr* ppSignerContext, IntPtr pCryptoPolicy, SIGN_INFO* pSignInfo, IntPtr pReserved)
[2026-06-10T21:10:10.157Z]          at AzureSign.Core.AuthenticodeKeyVaultSigner.SignFile(ReadOnlySpan`1 path, ReadOnlySpan`1 description, ReadOnlySpan`1 descriptionUrl, Nullable`1 pageHashing, ILogger logger, Boolean appendSignature)
[2026-06-10T21:10:10.157Z]          at Sign.Core.AzureSignToolSigner.SignFileCore(AuthenticodeKeyVaultSigner signer, FileInfo file, SignOptions options, FileInfo manifestFile) in /_/src/Sign.Core/DataFormatSigners/AzureSignToolSigner.cs:line 247
[2026-06-10T21:10:10.157Z]          at Sign.Core.AzureSignToolSigner.RunSignTool(AuthenticodeKeyVaultSigner signer, FileInfo file, SignOptions options) in /_/src/Sign.Core/DataFormatSigners/AzureSignToolSigner.cs:line 218
.
.
.
23:10:26  fail: Sign.Core.IDataFormatSigner[0]
23:10:26        Failed to sign. Attempts exceeded.
23:10:26  trce: Sign.Core.IDirectoryService[0]
23:10:26        Deleting directory C:\Users\not\AppData\Local\Temp\23thr32n.4sm.
23:10:26  warn: Sign.Core.IDirectoryService[0]
23:10:26        An exception occurred while attempting to delete directory C:\Users\not\AppData\Local\Temp\23thr32n.4sm.
23:10:26        System.IO.IOException: The process cannot access the file '2il00ucm.dll' because it is being used by another process.
23:10:26           at System.IO.FileSystem.RemoveDirectoryRecursive(String fullPath, WIN32_FIND_DATA& findData, Boolean topLevel)
23:10:26           at System.IO.FileSystem.RemoveDirectory(String fullPath, Boolean recursive)
23:10:26           at System.IO.DirectoryInfo.Delete(Boolean recursive)
23:10:26           at Sign.Core.DirectoryService.Delete(DirectoryInfo directory) in /_/src/Sign.Core/FileSystem/DirectoryService.cs:line 52
23:10:26  fail: Sign.Core.ISigner[0]
23:10:26        Failed to sign. Attempts exceeded.

23:10:26  Process failed with exit code: 2

Any idea what might have caused this and how to deal with it?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions