@Jeff Borden Got a response from the validation team: you can share WhoIs lookup, or purchase receipt for the domain, with a purchase, renewal date not older than 12 months from the current date and not expiring in less than 60 days.
Trusted Signing identity validation keeps refusing my valid company documentation without explaination and now auto fails any new identity request.
Hi,
I've been playing this game for weeks and now using Azure is reallllly hurting getting my startup launched. I'm trying to get signing certificate to make our new app installable on windows by alpha users but I'm stuck in this ridiculous process that they've created for validating identities for the new Azure Trusted Signing service. I'm paying for the subscription, and eventually they accepted my articles of incorporation of my LLC (with over 3 years of tax records) but refuse to accept my domain purchase invoice.
Had a long chat with my registrar and after a few hours of begging for anything other than a domain purchase reciept that will validate my ownership, I walked away with nothing. Now when I try to submit any different documentation that can validate my company, they just now auto-fail any new identity validation requests.
Why is this process so painfully broken and how can I move past this? I'm really starting to regret trying to get a signing cert this way and could really use some help. Feel stuck... :(
Azure Startups
Azure Trusted Signing
-
Givary-MSFT 32,676 Reputation points • Microsoft Employee
2024-08-07T08:10:53.07+00:00 @Jeff Borden Apologies you have to go through this process, help me with the validation id/org details so that i can check with my team on the above mentioned issue.
-
Jeff Borden 10 Reputation points
2024-08-07T18:20:50.2833333+00:00 @Givary-MSFT Thank you so much for the response!!! I'm so happy that there are humans to help, I've been feeling very hopeless.
Below are a few of my failed attempts validation ids:
e49f3af9-52d5-41c7-88ba-4782563b9ea3
aa294090-c760-47ff-82de-e1e8ddcb21ae
03aab812-d2bb-45f5-b738-6769fadbc45a
I unfortunately don't have an org id immediately handy.
I'm assuming the repeated rejections of my domain purchase invoice are because it's in my personal name and not the LLC on the invoice? If correct, I hoped this wouldn't be an issue as it's a single member LLC and all of the addresses & names do match up. Regardless, I don't know this is the reason for the rejections, as there is a sizable gap in communication when a rejection event occurs. Maybe you can let whoever is processing these requests provide a rejection reason so the end user can take corrective actions?
I realize this service is in preview and I do not mean to be critical - it's just been a long and frustrating process. Thank you for your help.
-
Arthur L 45 Reputation points
2024-08-08T02:32:43.62+00:00 This was the issue I had. I changed my company name to without an ", LLC" and they gave me another chance for submitting more documentation. I also changed my address so instead of showing address name, they show street name without additional stuff.
-
Jeff Borden 10 Reputation points
2024-08-08T19:10:59.2666667+00:00 @Arthur L do you mind sharing the types of documents you submitted successfully? Trying to figure out a route other than domain purchase invoices. Thanks.
-
Arthur L 45 Reputation points
2024-08-08T21:53:57.99+00:00 Lol I’m stuck with you too. I made a mistake and didn’t do this. I don’t know what result is yet with my status. I pray for it to not fail . Lol I recommend for the domain invoices or registry confirmation records for you to attach an assignment letter on company letterhead showing the relationship between the company and the purchaser. That is what Meha said. Like put this pdf with the domain invoice or submit the pdf if you have a chance when they ask you for an assignment letter.
-
Arthur L 45 Reputation points
2024-08-08T21:56:29.19+00:00 I am unsure though. I wish there was someone I could call for this because with Q&A, you might not always get a response from an employee, so there’s uncertainty.
-
Jeff Borden 10 Reputation points
2024-08-09T22:18:10.3833333+00:00 Hi @Givary-MSFT
Can you give an opinion on how I can best proceed successfully? I'd like to move forward with my waiting users ASAP. Many thanks.
-
Marilee Turscak-MSFT 36,851 Reputation points • Microsoft Employee
2024-08-12T17:08:26.3666667+00:00 Hi @Jeff Borden , we are validating this with a colleague from the Azure Trusted Signing team.
-
Jeff Borden 10 Reputation points
2024-08-14T18:11:33.1466667+00:00 @Meha-MSFT thank you for your response and for the information about the validation ruleset. Are the complete rules for each document type posted anywhere?
My registar includes "Privacy Protection", so whois doesn't work. During my "Identity Validation" processes, I submitted domain purchase receipts for 3 different domains of mine, trying to understand and get through the requirement - they all were rejected. To be fair, my domain purchase receipts didn't include an expiration date, but I don't recall that being a posted requirement during the validation process.
Based upon your above rules, this is the analysis for each of the domains that were rejected by the Identity Validation process:
- get<XXXXXX>.ai: Expiration Date - December 6, 2025
- Analysis: This domain will pass Microsoft's validation criteria because:
- The order date is December 6, 2023, which is within the last 12 months.
- The expiration date is December 6, 2025, which is more than 60 days away from the current date.
- kind<XXXX>.ai: Expiration Date - April 21, 2025
- Analysis: This domain will pass Microsoft's validation criteria because:
- The order date is April 21, 2023, which is within the last 12 months.
- The expiration date is April 21, 2025, which is more than 60 days away from the current date.
- kind<XXXX>.us: Expiration Date - February 2, 2025
- Analysis: This domain will fail Microsoft's validation criteria for the following reasons:
- The order date is February 1, 2021, which is more than 12 months old and does not meet Microsoft's requirement.
- Even though the expiration date is February 2, 2025, which is more than 60 days away, the old order date disqualifies it from passing the validation.
So given your rules, 2 of the 3 domains I submitted, actually pass. Am I supposed to modify the purchase receipt on future "Identity Validation" submissions, by writing in the expiration date? That doesn't feel authentic. Or does this process only support the percentage of DNS registars that print expriation dates on their purchase receipts?
Ultimately, how do I move past this roadblock? Digicert? I'm sure you understand that I need to cancel my subscription soon if I'm only paying to be in a broken process.
- get<XXXXXX>.ai: Expiration Date - December 6, 2025
-
Meha-MSFT 405 Reputation points • Microsoft Employee
2024-08-14T20:30:09.2933333+00:00 @Jeff Borden Thank you for the details, I am waiting on the validation team to hear more.
The requirements are listed in here: https://learn.microsoft.com/en-us/azure/trusted-signing/quickstart?tabs=registerrp-portal%2Caccount-portal%2Ccertificateprofile-portal%2Cdeleteresources-portal#important-information-for-public-identity-validation under More documentation section.
-
Jeff Borden 10 Reputation points
2024-08-20T17:00:13.6566667+00:00 Hi @Meha-MSFT
It has been almost a week since your last update. Does it really take a week to get a response? Don't you have MS Teams? Do i just need to give up at this point?
-
Jeff Borden 10 Reputation points
2024-08-20T17:04:35.22+00:00 @Meha-MSFT it has been almost a week since your update. How does getting a simple answer move so slowly? Do you guys not have MS Teams? Do I just need to give up at this point?
-
Meha-MSFT 405 Reputation points • Microsoft Employee
2024-08-20T20:01:09.95+00:00 @Jeff Borden The validation team mentioned they do need the expiration date on the invoice.
-
Jeff Borden 10 Reputation points
2024-08-20T22:46:31.7566667+00:00 That is a very limited response. Will it be accepted if I manually inject it into the domain purchase invoice? Or do you only support the domain registars that put it on there by default? If so, do you have a list of these registrars available? I NEED DETAILS FOR THIS TO BE COMPLETED SUCCESSFULLY!
Once you provide clarity on the above, can you get my account reset where I'm allowed to resubmit identity validation requests without getting auto-rejected?
-
Jeff Borden 10 Reputation points
2024-08-20T22:53:36.8933333+00:00 duped
-
Meha-MSFT 405 Reputation points • Microsoft Employee
2024-08-21T22:50:03.2533333+00:00 @Jeff Borden Correct, the expiration date has to come from the domain registrar. Our team does not have a list, however, I was told most registrars do provide the expiration date on it. Did you try uploading a whoIs lookup, if it's possible for you get that. On the account being reset there's no block on your account at the moment. You can very well create another request.
-
Jeff Borden 10 Reputation points
2024-08-22T16:20:20.94+00:00 @Meha-MSFT This was my comment over a week ago:
My registar includes "Privacy Protection", so whois doesn't work.
At this point it appears this process doesn't work for us. That would have been amazing to know before wasting over a month on it. I'm all for beta early release features, but this doesn't seem like a serious process or product you are offering - as no one seems intent on making it work. I'd love to have a chat with your product manager but we know that isn't happening. I'm very disappointed in trying Azure for my startup. If it felt like someone was trying to improve the process I'd stay bought in, but I don't feel that so I'm killing my subscription and am bailing on this broken process.
-
Jeff Borden 10 Reputation points
2024-08-28T20:48:24.7033333+00:00 I have been stuck in this process forever - and it keeps getting worse. I just submitted a new identity validation:
id: d756d79d-af83-4a3d-9088-58d77f1e65a0
and it was rejected without allowing me to provide documentation to support it. Why the auto rejection? it wasn't rejected due to a mismatch in DUNS.
So why was it rejected?
How do I move past this???
Why am I getting auto rejected for my very valid business. What is the problem? I don't have weeks to wait in between answers on a support thread. Maybe if the answers were productive, then I could wait - but they are not productive responses.
The continued response is to provide a whois lookup when I've already stated the registrar has privacy protection on the domain. I'm also told that my requests aren't being auto-rejected, but how do you explain the rejection for Identity validation id: d756d79d-af83-4a3d-9088-58d77f1e65a0
I asked on the thread:
can you get my account reset where I'm allowed to resubmit identity validation requests without getting auto-rejected?
and the response was:
On the account being reset there's no block on your account at the moment. You can very well create another request.
So what did I do wrong?
I was also told my domain purchase receipt needed an expiration date on it, and when i submitted just that, I got rejected again. Please for the love of God just be explicit and tell me what the issue is, instead of leaving me guessing and waiting forever.
I just need this to work. I'm throwing myself at your mercy. This is really hurting me. Please please please just help me move this forward. That's all I ask.
-
Arthur L 45 Reputation points
2024-08-28T22:43:29.45+00:00 Change your company name on request to have no “,LLC” and maybe change street in request to just have street name and nothing else without numbers just e.g Cool Street. Same problem happened for me. I finally got it approved tho
-
Arthur L 45 Reputation points
2024-08-28T22:47:16.8066667+00:00 I think you can still keep your Whois info the same but use company address for who is info (full address) and use your company name without the ,LLC. Then also put the company name into your personal name that appears in the who is too. If your name is Cool Guy, then change it to Good Company for who is.
-
louise 0 Reputation points
2024-10-15T09:00:12.21+00:00 @Givary-MSFT @Marilee Turscak-MSFT @Meha-MSFT
I also have the similar problems, currently all new validation request was auto rejected without any chances to upload any documents
Identity Validation IDs:
e09ed835-4a42-44b6-a198-14beaa8f885d (Failed after submitting document 3 times)
3ffaa143-a724-4d0a-a5f0-a2ebcfc8f478 (Failed without any chance to submit anything)
db35dcc2-545a-4945-8a65-02f544ffca6f (Failed without any chance to submit anything)
5076f5d4-8889-4694-86a6-68cb365efef6 (Failed without any chance to submit anything)
Need help for direction to progress from this issue, Thanks
Sign in to comment
6 answers
Sort by: Most helpful
-
Meha-MSFT 405 Reputation points • Microsoft Employee
2024-08-13T21:32:03.21+00:00 -
Jeff Borden 10 Reputation points
2024-08-14T17:57:49.2233333+00:00 @Meha-MSFT Thank you for your response. I'm curious, are these rules, and the rules for the other document types available somewhere?
Unfortunately my domain registration included "Privacy Protection" so my whois is obfuscated and won't work in this case. When I was allowed to submit "Identity Validation" requests, I tried submitting the purchase receipts for 3 of my different domains - and they were all rejected.
None of my domain purchase receipts included an expiration date however. I do not know if you are capturing the expiration date systematically for your analysis. Nor do I recall seeing that an expiration date was a posted requirement or a requested document type during the validation process.
Below is the analysis of the domain purchase receipts I submitted and their corresponding expiration, based upon the above ruleset you just shared:
- get<XXXXX>.ai: Expiration Date - December 6, 2025
- Analysis: This domain will pass Microsoft's validation criteria because:
- The order date is December 6, 2023, which is within the last 12 months.
- The expiration date is December 6, 2025, which is more than 60 days away from the current date.
- kind<XXXX>.ai: Expiration Date - April 21, 2025
- Analysis: This domain will pass Microsoft's validation criteria because:
- The order date is April 21, 2023, which is within the last 12 months.
- The expiration date is April 21, 2025, which is more than 60 days away from the current date.
- kind<XXXX>us: Expiration Date - February 2, 2025
- Analysis: This domain will fail Microsoft's validation criteria for the following reasons:
- The order date is February 1, 2021, which is more than 12 months old and does not meet Microsoft's requirement.
- Even though the expiration date is February 2, 2025, which is more than 60 days away, the old order date disqualifies it from passing the validation.
*Obviously you'll have to replace <XXXX> my the domains I submitted for review in your database.
So if 2 of my 3 domains pass your criteria, why did they fail? What did I do wrong? More importantly, how do I move past this roadblock? Digicert?
Ultimately, if I'm unable to submit whois and domain purchase reciepts, do I have other document types that I can submit or is there no other way for recourse? Additionally, I'm going to need to cancel my subscription soon if I'm just paying to be stuck in a broken process.
Many thanks.
- get<XXXXX>.ai: Expiration Date - December 6, 2025
Sign in to comment -
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
-
Meha-MSFT 405 Reputation points • Microsoft Employee
2024-10-15T21:56:13.79+00:00 @louise Here is what we received from the validation team: The documents you've shared do not match the accepted document types. Acceptable documents inlcude: Domain registration/invoice or renewal that lists entity/contact and domain as they are stated in your account. All documents submitted must be issued within the previous 12 months or where the expiration date is a future date that is atleast two months away.
-
louise 0 Reputation points
2024-10-16T01:26:01.2133333+00:00 @Meha-MSFT That is exactly what is my problem right now, I already tried to apply it back then in April and failed, Now I'm trying it again and got auto-fail for every new submission right now without any chance to upload new updated documents.I already included
- Every single receipt from domain purchase and renewal with purchase date of 6/12/2019 and last issued renewal of 5/13/2024 for 1 year. Expiration date is 6/12/2025 which can also being confirmed by whois
- I already contacted my domain registrar and disabled all the whois privacy masking setting that available. the most complete whois information can be retrieved and seen with whois search provided by my registrar which also already included and documented in my new updated document
- I put new TXT Record on my DNS with record showing the detail of my azure trusted signing request including company name, address, primary and secondary email that matched my validation request to further proofing that I really own and have control over the domain.
- I also attach my website screenshot showing company name, address and so on that also matched my validation request
Since I always get auto-rejected for every single new identity validation submission, I have no chance at all to upload new document to fix the issue.
I have tried
- Contacting azure representation in my country by phone with no luck
- Emailed and Phone Called Microsoft Azure Getting Started Specialist which contacted me during my validation request back then in April
- Emailed azcommunity with "ATTN:Givary" included in title hoping that someone probably can help me upload new updated document which I provided in that email as attachment
- Using the Github to ask for help
- Using this Microsoft Q&A
-
louise 0 Reputation points
2024-10-16T01:41:44.2833333+00:00 Should I just keep requesting new validation request until it wasn't auto-rejected? will it just make it worse? any direction to proceed? Edit:
Validation ID fe53c7a0-c1f4-49d9-8eea-666e2f7e0a08
Still get auto-failed, I guess keep requesting validation request is not the way to go
Sign in to comment -
-
Meha-MSFT 405 Reputation points • Microsoft Employee
2024-10-16T02:39:18.2133333+00:00 I have reached out to the team here.
-
louise 0 Reputation points
2024-10-16T05:27:00.2566667+00:00 still get direct-failed for Identity Validation ID 24c8c656-1630-4f28-a58a-a119f08348eb.
should I just wait for further direction for this ongoing issue?
Thanks for the support
-
Meha-MSFT 405 Reputation points • Microsoft Employee
2024-10-16T05:29:24.43+00:00 Yes please wait, thank you for your patience.
-
louise 0 Reputation points
2024-10-18T06:51:24.9733333+00:00 Is there any update regarding my issue? any common estimate time for feedback?
I only need a way to upload updated document for now so that I can start from the first step of the procedure just like anyone else does.
Since the system always auto fail my validation request, is there any way to upload the document for manual review?
Sign in to comment -