visual-studiovisual-studio-2017

VS2017 installer - the package manifest failed signature validation


I have VS2015 installed, and previously had VS2017 installed on this machine. Adding an extension on VS2017 seemed to completely break my install, so I figured the next thing to do would be to reinstall VS2017.

Oh how I wish I didn't.

The installer has been failing with "The package manifest failed signature validation" I've tried following steps:

When running the installer, I am presented with:

enter image description here

prior to even selecting a product to install.

When attempting to follow "offline installer" steps at https://www.hanselman.com/blog/HowToMakeAnOfflineInstallerForVS2017.aspx

On the step where I run:

vs_community.exe --layout e:\vs2017offline --lang en-US

I am presented with (eventually) a console window:

enter image description here

The log files for the installation.

dd_setup_*.log:

[0df4:000c][2017-05-24T08:37:22] Setup Engine v1.10.101, Microsoft Windows NT 10.0.10586.0
[0df4:000c][2017-05-24T08:37:22] Command line: "C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Hosts\Microsoft.ServiceHub.Host.CLR\vs_installerservice.exe" desktopClr$C94B8CFE-E3FD-4BAF-A941-2866DBB566FE 18a10ed3a2b52a1e605bf4679dbe1364
[0df4:000c][2017-05-24T08:37:24] ManifestVerifier verification: Exception has been thrown by the target of an invocation. Stack:    at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
   at Microsoft.VisualStudio.Setup.Security.ManifestMethods.CalculateHashValue(String dataBlob, String hashMethod)
   at Microsoft.VisualStudio.Setup.Security.ManifestVerifier.CheckSign(ManifestDoc manifestDoc, Signature signature, String layoutCertPath)
   at Microsoft.VisualStudio.Setup.Security.ManifestVerifier.Verify(FileStream fileStream, String path, String layoutCertPath)
[0df4:000c][2017-05-24T08:37:24] ManifestVerifier Result: Exception

dd_client_*.log

2017-05-24T08:37:01 : Verbose : Visual Studio Installer (1.10.30637.0 : update2) ["C:\\Program Files (x86)\\Microsoft Visual Studio\\Installer\\vs_installershell.exe","/finalizeInstall","install","--in","C:\\ProgramData\\Microsoft\\VisualStudio\\Packages\\_bootstrapper\\vs_setup_bootstrapper.json","--locale","en-US","--activityId","78239d59-bc71-44e1-b8c6-e67d586fbba5","--campaign","1601306246.1493817089"]
2017-05-24T08:37:02 : Verbose : Creating VS Telemetry Survey
2017-05-24T08:37:03 : Verbose : Received the application ready notification
2017-05-24T08:37:03 : Verbose : Starting ServiceHub Experimentation client.
2017-05-24T08:37:09 : Verbose : Calling ExperimentationProviderService.Initialize()
2017-05-24T08:37:09 : Verbose : ServiceHub Experimentation client started.
2017-05-24T08:37:09 : Verbose : ExperimentsIpcRpcService listening to ipc channel: ExperimentsProxy
2017-05-24T08:37:09 : Verbose : Experiments Ipc Service started.
2017-05-24T08:37:09 : Verbose : Telemetry Session ID: 2b7ca8c1-aa76-4fe1-81eb-36936b1e32d7
2017-05-24T08:37:09 : Verbose : Connected to Hub Controller's client watch 'net.pipe://1140e3f8da9d1a14f42763f0648c14f4'
2017-05-24T08:37:09 : Verbose : ServiceHubExperimentationClient.setSharedProperty(name, value) called,
 [name: VS.ABExp.Flights] [value: lazytoolboxinit;fwlargebuffer;refactoring;spmoretempsbtn1;c32bca7948ab42c;tn-none-15b;vswlaunchbcf]
2017-05-24T08:37:10 : Verbose : Calling ExperimentationProviderService.IsFlightEnabledAsync(flightId). [flightId: VSWLaunchBanner]
2017-05-24T08:37:10 : Verbose : ServiceHubExperimentationClient.postEvent(name, properties) called.
 [name: VS/ABExp/FlightRequest] [properties: {"VS.ABExp.Flight":"vswlaunchbanner","VS.ABExp.Result":"False"}]
2017-05-24T08:37:10 : Verbose : Resolved ExperimentationProviderService.IsFlightEnabledAsync(flightId).
 [flightId: VSWLaunchBanner] [result: false]
2017-05-24T08:37:11 : Verbose : Getting installed product summaries. [installerId: SetupEngine]
2017-05-24T08:37:11 : Verbose : Starting the installed products provider service.
2017-05-24T08:37:11 : Verbose : Starting the products provider service.
2017-05-24T08:37:11 : Verbose : Getting product summaries. [installerId: SetupEngine]
2017-05-24T08:37:11 : Verbose : Starting the installer service.
2017-05-24T08:37:11 : Verbose : Calling SetupEngine.Installer.Initialize. [locale: en-US]
2017-05-24T08:37:11 : Verbose : SetupEngine.Installer.Initialize succeeded. [locale: en-US]
2017-05-24T08:37:11 : Verbose : Started the installer service.
2017-05-24T08:37:11 : Verbose : Calling SetupEngine.Installer.IsElevated.
2017-05-24T08:37:11 : Verbose : SetupEngine.Installer.IsElevated succeeded.
2017-05-24T08:37:22 : Verbose : Started the products provider service.
2017-05-24T08:37:22 : Verbose : Started the installed products provider service.
2017-05-24T08:37:22 : Verbose : Getting product. [installerId: SetupEngine, productId: Microsoft.VisualStudio.Product.Professional].
2017-05-24T08:37:24 : Error : Failed to get product. [installerId: SetupEngine, productId: Microsoft.VisualStudio.Product.Professional, error: The installer manifest failed signature validation. at    at Microsoft.VisualStudio.Setup.Engine.Load(String path, Boolean skipVerify)
   at Microsoft.VisualStudio.Setup.Engine.Load(Uri manifestUri, Uri channelUri, Uri installChannelUri, CancellationToken token, Boolean skipVerify)
   at Microsoft.VisualStudio.Setup.Engine.Load(ChannelNode`1 channelProduct, CancellationToken token, Boolean skipVerify)
   at Microsoft.VisualStudio.Setup.ProductInstaller.CreateEngine(IEngineFactory engineFactory, IServiceProvider engineServiceProvider, IProgressReporter progressReporter, IMessageBus messageBus, IRestartManager restartManager, String instanceId, ChannelNode`1 channelProductSummary)
   at Microsoft.VisualStudio.Setup.ProductInstaller.GetEngine()
   at Microsoft.VisualStudio.Setup.ProductInstaller..ctor(ILogger logger, String language, LocalizedResourceFallback languageFallback, IEngineFactory engineFactory, IRestartManager restartManager, IInstance instance, ChannelNode`1 channelProductSummary, VersionBundle latestVersion, IServiceProvider setupServiceProvider)
   at Microsoft.VisualStudio.Setup.ProductInstallerFactory.Create(ChannelNode`1 channelProductSummary, IInstance instance, VersionBundle latestVersion)
   at Microsoft.VisualStudio.Setup.ProductInstallerCache.GetInstaller(String installerId, Func`2 func)
   at Microsoft.VisualStudio.Setup.ProductsProviderService.GetProduct(String channelId, String productId)]
2017-05-24T08:38:09 : Verbose : Closing installer. Return code: 0.
2017-05-24T08:38:09 : Verbose : [ProductsProviderImpl]: Rpc connection was closed.
2017-05-24T08:38:09 : Verbose : [InstalledProductsProviderImpl]: Rpc connection was closed.
2017-05-24T08:38:09 : Verbose : [InstallerImpl]: Rpc connection was closed.

I'm not sure what else to try, Microsoft live support did not offer anything new that I hadn't already tried in the above links.

Has anyone else experienced this and know how to help?

Oh, and I forgot to mention, the installer seems to be in such an unusable state, that I cannot sign in to report an issue. Additionally, the developercommunity.visualstudio.com website seems to have problems logging me in with my microsoft account as well.

[click sign in immediately get presented with error (where is the credential window? can't do anything on the screen without signing in


Solution

  • From: https://developercommunity.visualstudio.com/content/problem/3983/when-the-setup-start-i-receive-the-message-the-pac.html

    I found that setting by running gpedit.msc, then Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

    Basically turn off "Use FIPS compliant algorithms for encryption, hashing, and signing." fixed the issue.

    I don't know how this worked before, as I've never turned off this GP setting. Unless it's either a new setting for our GP, or MS is no longer using a FIPS compliant algorithm for... etc...