Symptoms

Consider the following scenario:

  • You have a Microsoft .NET Framework 2.0-based ClickOnce application that is signed with a chained certificate.

  • In the Security Settings dialog box in Internet Explorer, you disable the Run components not signed with Authenticodeoption.

  • You try to deploy the ClickOnce application by visiting the address of the server that hosts the application.

In this scenario, a System.Deployment.Application.InvalidDeploymentException exception occurs. Then, you receive the following error message:

Title: Cannot start Application
Description: Cannot continue. The application is improperly formatted.
Contact the application vendor for assistance.

Additionally, after you click Detail in the dialog box, you receive the following message:

Your Web browser does not allow you to run unsigned applications.

Cause

This problem occurs because ClickOnce does not recognize a chained certificate as a valid Authenticode certificate.

Resolution

Hotfix Information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


Alternatively, you can download this hotfix from the following Microsoft Connect Web site:

https://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=28951

Prerequisites

You must have the Microsoft .NET Framework 2.0 Service Pack 2 (SP2) or the Microsoft .NET Framework 3.5 Service Pack 1 (SP1) installed to apply this hotfix.

Restart requirement

You do not have to restart the computer after you apply this hotfix if no instance of the .NET Framework is in use.

Hotfix replacement information

This hotfix does not replace other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For all supported x86-based versions of Windows XP, of Windows Server 2000, and of Windows Server 2003

File name

File version

File size

Date

Time

Platform

System.deployment.dll

2.0.50727.4401

970,752

14-Sep-2009

05:20

x86


For all supported x64-based versions of Windows XP, of Windows Server 2000, and of Windows Server 2003

File name

File version

File size

Date

Time

Platform

System.deployment.dll

2.0.50727.4401

970,752

14-Sep-2009

04:55

x64


For all supported Itanium-based versions of Windows XP, of Windows Server 2000, and of Windows Server 2003

File name

File version

File size

Date

Time

Platform

System.deployment.dll

2.0.50727.4401

970,752

14-Sep-2009

04:55

IA-64

For all supported x86-based versions of Windows Vista SP2 and of Windows Server 2008 SP2


File name

File version

File size

Date

Time

Platform

System.deployment.dll

2.0.50727.4431

970,752

08-Feb-2010

07:02

x86

For all supported x64-based versions of Windows Vista SP2 and of Windows Server 2008 SP2


File name

File version

File size

Date

Time

Platform

System.deployment.dll

2.0.50727.4431

970,752

08-Feb-2010

07:02

x86

For all supported Itanium-based versions of Windows Server 2008 SP2


File name

File version

File size

Date

Time

Platform

System.deployment.dll

2.0.50727.4431

970,752

08-Feb-2010

07:02

x86


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

Additional file information


Additional file information for Windows Vista SP2 and of Windows Server 2008 SP2

Additional files for all supported x86-based versions of Windows Server 2008 SP2 and of Windows Vista SP2

File name

Msil_system.deployment_b03f5f7f11d50a3a_6.0.6002.22331_none_490c46ed4ae71a48.manifest

File version

Not Applicable

File size

4,671

Date (UTC)

08-Feb-2010

Time (UTC)

13:43

Additional files for all supported x64-based versions of Windows Server 2008 SP2 and of Windows Vista SP2


File name

Amd64_netfx-system.deployment_b03f5f7f11d50a3a_6.0.6002.22331_none_8bc8c3ffb14c485b.manifest

File version

Not Applicable

File size

5,506

Date (UTC)

08-Feb-2010

Time (UTC)

13:37

File name

Msil_system.deployment_b03f5f7f11d50a3a_6.0.6002.22331_none_490c46ed4ae71a48.manifest

File version

Not Applicable

File size

4,671

Date (UTC)

08-Feb-2010

Time (UTC)

13:43

Additional files for all supported Itanium-based versions of Windows Vista SP2

File name

Ia64_netfx-system.deployment_b03f5f7f11d50a3a_6.0.6002.22331_none_d375d898c5c8a945.manifest

File version

Not Applicable

File size

5,494

Date (UTC)

08-Feb-2010

Time (UTC)

13:17

File name

Msil_system.deployment_b03f5f7f11d50a3a_6.0.6002.22331_none_490c46ed4ae71a48.manifest

File version

Not Applicable

File size

4,671

Date (UTC)

08-Feb-2010

Time (UTC)

13:43

  • Authenticode is a Microsoft technology that uses industry-standard cryptography to sign application code with digital certificates. The digital certificates verify the authenticity of the publisher of the application.

  • A certificate chain is a sequence of certificates. Each certificate in the chain is signed by the next certificate in the sequence. Certificate chains are created to establish a chain of trust from a peer certificate to a trusted certification authority (CA) certificate. Certificates in the chain can be called "chained certificates."

For more information about the ClickOnce deployment for Microsoft .NET Windows Forms applications, visit the following Microsoft Developer Network (MSDN) Web site:

http://msdn.microsoft.com/en-us/library/wh45kb66.aspx

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×