Symptoms
Consider the following scenario:
-
You have a Microsoft .NET Framework 2.0-based ClickOnce application that is signed with a chained certificate.
-
In the Security Settings dialog box in Internet Explorer, you disable the Run components not signed with Authenticodeoption.
-
You try to deploy the ClickOnce application by visiting the address of the server that hosts the application.
In this scenario, a System.Deployment.Application.InvalidDeploymentException exception occurs. Then, you receive the following error message:
Title: Cannot start Application
Description: Cannot continue. The application is improperly formatted.
Contact the application vendor for assistance.
Additionally, after you click Detail in the dialog box, you receive the following message:
Your Web browser does not allow you to run unsigned applications.
Cause
This problem occurs because ClickOnce does not recognize a chained certificate as a valid Authenticode certificate.
Resolution
Hotfix Information
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
Alternatively, you can download this hotfix from the following Microsoft Connect Web site:
https://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=28951
Prerequisites
You must have the Microsoft .NET Framework 2.0 Service Pack 2 (SP2) or the Microsoft .NET Framework 3.5 Service Pack 1 (SP1) installed to apply this hotfix.
Restart requirement
You do not have to restart the computer after you apply this hotfix if no instance of the .NET Framework is in use.
Hotfix replacement information
This hotfix does not replace other hotfixes.
File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For all supported x86-based versions of Windows XP, of Windows Server 2000, and of Windows Server 2003
File name |
File version |
File size |
Date |
Time |
Platform |
---|---|---|---|---|---|
System.deployment.dll |
2.0.50727.4401 |
970,752 |
14-Sep-2009 |
05:20 |
x86 |
For all supported x64-based versions of Windows XP, of Windows Server 2000, and of Windows Server 2003
File name |
File version |
File size |
Date |
Time |
Platform |
---|---|---|---|---|---|
System.deployment.dll |
2.0.50727.4401 |
970,752 |
14-Sep-2009 |
04:55 |
x64 |
For all supported Itanium-based versions of Windows XP, of Windows Server 2000, and of Windows Server 2003
File name |
File version |
File size |
Date |
Time |
Platform |
---|---|---|---|---|---|
System.deployment.dll |
2.0.50727.4401 |
970,752 |
14-Sep-2009 |
04:55 |
IA-64 |
For all supported x86-based versions of Windows Vista SP2 and of Windows Server 2008 SP2
File name |
File version |
File size |
Date |
Time |
Platform |
---|---|---|---|---|---|
System.deployment.dll |
2.0.50727.4431 |
970,752 |
08-Feb-2010 |
07:02 |
x86 |
For all supported x64-based versions of Windows Vista SP2 and of Windows Server 2008 SP2
File name |
File version |
File size |
Date |
Time |
Platform |
---|---|---|---|---|---|
System.deployment.dll |
2.0.50727.4431 |
970,752 |
08-Feb-2010 |
07:02 |
x86 |
For all supported Itanium-based versions of Windows Server 2008 SP2
File name |
File version |
File size |
Date |
Time |
Platform |
---|---|---|---|---|---|
System.deployment.dll |
2.0.50727.4431 |
970,752 |
08-Feb-2010 |
07:02 |
x86 |
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More Information
Additional file information
Additional file information for Windows Vista SP2 and of Windows Server 2008 SP2
Additional files for all supported x86-based versions of Windows Server 2008 SP2 and of Windows Vista SP2
File name |
Msil_system.deployment_b03f5f7f11d50a3a_6.0.6002.22331_none_490c46ed4ae71a48.manifest |
File version |
Not Applicable |
File size |
4,671 |
Date (UTC) |
08-Feb-2010 |
Time (UTC) |
13:43 |
Additional files for all supported x64-based versions of Windows Server 2008 SP2 and of Windows Vista SP2
File name |
Amd64_netfx-system.deployment_b03f5f7f11d50a3a_6.0.6002.22331_none_8bc8c3ffb14c485b.manifest |
File version |
Not Applicable |
File size |
5,506 |
Date (UTC) |
08-Feb-2010 |
Time (UTC) |
13:37 |
File name |
Msil_system.deployment_b03f5f7f11d50a3a_6.0.6002.22331_none_490c46ed4ae71a48.manifest |
File version |
Not Applicable |
File size |
4,671 |
Date (UTC) |
08-Feb-2010 |
Time (UTC) |
13:43 |
Additional files for all supported Itanium-based versions of Windows Vista SP2
File name |
Ia64_netfx-system.deployment_b03f5f7f11d50a3a_6.0.6002.22331_none_d375d898c5c8a945.manifest |
File version |
Not Applicable |
File size |
5,494 |
Date (UTC) |
08-Feb-2010 |
Time (UTC) |
13:17 |
File name |
Msil_system.deployment_b03f5f7f11d50a3a_6.0.6002.22331_none_490c46ed4ae71a48.manifest |
File version |
Not Applicable |
File size |
4,671 |
Date (UTC) |
08-Feb-2010 |
Time (UTC) |
13:43 |
-
Authenticode is a Microsoft technology that uses industry-standard cryptography to sign application code with digital certificates. The digital certificates verify the authenticity of the publisher of the application.
-
A certificate chain is a sequence of certificates. Each certificate in the chain is signed by the next certificate in the sequence. Certificate chains are created to establish a chain of trust from a peer certificate to a trusted certification authority (CA) certificate. Certificates in the chain can be called "chained certificates."
For more information about the ClickOnce deployment for Microsoft .NET Windows Forms applications, visit the following Microsoft Developer Network (MSDN) Web site: