SignTool gives Error information: "Error: SignerSign() failed." (-2147467259/0x80004005)

Roberto Grava 45 Reputation points
2025-02-17T14:33:05.2833333+00:00

Hi, I created a Trusted Signing account for my company, strictly following the guide. I have successfully created the public certificate.

Then I followed the guide to sign the executables with SignTool (https://learn.microsoft.com/en-us/azure/trusted-signing/how-to-signing-integrations), but I always get the error below.

The very first time I launched it, the browser opened to ask for authentication, which went well, but I got the error. Since then I have always got only the error.

Sincerely, it is not completely clear what exactly I should put in "CodeSigningAccountName" of metadata.json, but I tried everything and nothing changed.

Can you help me? Thanks

Unhandled managed exception
Azure.RequestFailedException: Service request failed.
Status: 403 (Forbidden)

Headers:
Date: Mon, 17 Feb 2025 14:21:51 GMT
Connection: keep-alive
Strict-Transport-Security: REDACTED
x-azure-ref: REDACTED
X-Cache: REDACTED
Content-Length: 0

at Azure.CodeSigning.CertificateProfileRestClient.SignAsync(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)
at Azure.CodeSigning.CertificateProfileClient.StartSignAsync(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)
at Azure.CodeSigning.Dlib.Core.DigestSigner.SignAsync(UInt32 algorithm, Byte[] digest, SafeFileHandle safeFileHandle, CancellationToken cancellationToken)
at Azure.CodeSigning.Dlib.Core.DigestSigner.Sign(UInt32 algorithm, Byte[] digest, SafeFileHandle safeFileHandle)
at AuthenticodeDigestSignExWithFileHandleManaged(_CRYPTOAPI_BLOB* pMetadataBlob, UInt32 digestAlgId, Byte* pbToBeSignedDigest, UInt32 cbToBeSignedDigest, Void* hFile, _CRYPTOAPI_BLOB* pSignedDigest, _CERT_CONTEXT** ppSignerCert, Void* hCertChainStore)

SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147467259/0x80004005)

Azure Trusted Signing
Trusted Signing is a Microsoft fully managed, end-to-end signing solution that simplifies the certificate signing process and helps partner developers more easily build and distribute applications.

Accepted answer
  1. Divyesh Govaerdhanan 6,400 Reputation points
    2025-02-17T22:11:58.5533333+00:00

    Hello,

    Welcome to Microsoft Q&A,

    The error message you're seeing, Azure.RequestFailedException: Service request failed. Status: 403 (Forbidden), typically indicates an authentication or permission problem.

    CodeSigningAccountName: This should be the name of your Trusted Signing account, not your email or user ID. Using incorrect values here can lead to a 403 Forbidden error. As noted in a Stack Overflow discussion, using the identity or app registration name instead of the Trusted Signing account name can cause this issue.

    Also, there might be an issue with the cached credentials. Try clearing them and re-authenticating.

    Please upvote and accept the answer if it helps!


1 additional answer

  1. Roberto Grava 45 Reputation points
    2025-02-18T08:16:41.4+00:00

    Thank you for your answer. In the end there were two problems. The first one was the wrong CodeSigningAccountName, where I put my email. But the second was that the browser authentication was not working, so I excluded all the auth except the az cli one, and finally I made it:

    "ExcludeCredentials": [ "ManagedIdentityCredential", "EnvironmentCredential", "WorkloadIdentityCredential", "SharedTokenCacheCredential", "VisualStudioCredential", "VisualStudioCodeCredential", "AzurePowerShellCredential", "AzureDeveloperCliCredential", "InteractiveBrowserCredential" ]

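An added example, not part of the thread or of Microsoft's tooling: a pre-flight check for the two metadata.json problems described above, an e-mail address or ID in CodeSigningAccountName and the credential types left enabled after ExcludeCredentials. The function name, the GUID heuristic and the sample values are assumptions, and AzureCliCredential is taken as the type name of the "az cli" credential the poster kept.

```python
import json
import re

# The nine types from the ExcludeCredentials list on this page, plus
# AzureCliCredential, the one the poster left enabled.
CREDENTIAL_TYPES = [
    "ManagedIdentityCredential", "EnvironmentCredential", "WorkloadIdentityCredential",
    "SharedTokenCacheCredential", "VisualStudioCredential", "VisualStudioCodeCredential",
    "AzureCliCredential", "AzurePowerShellCredential", "AzureDeveloperCliCredential",
    "InteractiveBrowserCredential",
]
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def check_metadata(text):
    """Return (findings, enabled_credential_types) for metadata.json content."""
    try:
        meta = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"], []
    if not isinstance(meta, dict):
        return ["top level is not a JSON object"], []
    findings = []
    name = meta.get("CodeSigningAccountName")
    if not isinstance(name, str) or not name.strip():
        findings.append("CodeSigningAccountName is missing or empty")
    elif "@" in name:
        findings.append("CodeSigningAccountName looks like an e-mail address")
    elif GUID.match(name.strip()):  # heuristic: an ID pasted where a name belongs
        findings.append("CodeSigningAccountName looks like an ID (GUID), not an account name")
    excluded = meta.get("ExcludeCredentials", [])
    if not isinstance(excluded, list) or not all(isinstance(c, str) for c in excluded):
        return findings + ["ExcludeCredentials must be an array of strings"], []
    for c in excluded:
        if c not in CREDENTIAL_TYPES:
            findings.append(f"ExcludeCredentials entry not in the known list: {c!r}")
    enabled = [c for c in CREDENTIAL_TYPES if c not in excluded]
    if not enabled:
        findings.append("every credential type is excluded; nothing is left to authenticate")
    return findings, enabled

# Constructed samples (only the two keys discussed on this page; a real file has more).
BAD = '{"CodeSigningAccountName": "user@example.com"}'
GOOD = json.dumps({
    "CodeSigningAccountName": "my-signing-account",  # placeholder name
    "ExcludeCredentials": [c for c in CREDENTIAL_TYPES if c != "AzureCliCredential"],
})

if __name__ == "__main__":
    for label, sample in (("bad", BAD), ("good", GOOD)):
        print(label, *check_metadata(sample), sep="\n  ")
```

An empty findings list with a single enabled credential type means the file pins authentication to that one method, which is what resolved the thread.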
