Hello,
We have software with a ClickOnce installer hosted on our website. It has never been signed so far. Recently we set up Azure Trusted Signing to sign the ClickOnce installer using this tool:
https://github.com/dotnet/sign
Here is the command we use
sign code trusted-signing -tse "https://eus.codesigning.azure.net" -tsa "xx" -tscp "xx" "**/*.application" -fl "FileList.txt" -m 5 -an "xx" -pn "xx" -t "http://timestamp.acs.microsoft.com"
Here is the FileList
**
**/*.application
**/*.exe.config.deploy
**/**/sqlcecompact40.dll.deploy
*.exe
!**/*.dll.deploy
After signing, when I run the .application in the root folder to install, there is still a security warning window, but it shows our company name as publisher and the shield icon is green with a check. After installation the software runs without triggering the SmartScreen blue warning window. I assume the signing process is successful.
Then I uploaded the whole ClickOnce folder to our website. The test computer already has the previous unsigned version installed. Running the software .exe now brings up an error window. Here are the details.
PLATFORM VERSION INFO
Windows : 10.0.22631.0 (Win32NT)
Common Language Runtime : 4.0.30319.42000
System.Deployment.dll : 4.8.9176.0 built by: NET481REL1LAST_B
clr.dll : 4.8.9300.0 built by: NET481REL1LAST_C
dfdll.dll : 4.8.9176.0 built by: NET481REL1LAST_B
dfshim.dll : 10.0.22621.1 (WinBuild.160101.0800)
SOURCES
Deployment url : ClickOnce local file directory
Server : nginx/1.25.5
Deployment Provider url : Our website folder link
ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of ClickOnce local file directory .appref-ms| resulted in exception. Following failure messages were detected:
+ The deployment identity does not match the subscription.
COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.
WARNINGS
* The manifest for this application does not have a signature. Signature validation will be ignored.
OPERATION PROGRESS STATUS
* [4/30/2025 4:45:30 PM] : Activation of ClickOnce local file directory .appref-ms| has started.
* [4/30/2025 4:45:30 PM] : Performing necessary update check as specified by the deployment.
ERROR DETAILS
Following errors were detected during this operation.
* [4/30/2025 4:45:31 PM] System.Deployment.Application.DeploymentException (SubscriptionState)
- The deployment identity does not match the subscription.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.SubscriptionStore.CheckUpdateInManifest(SubscriptionState subState, Uri updateCodebaseUri, AssemblyManifest deployment, Version currentVersion, Boolean& bUpdateInPKTGroup)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentUpdate(SubscriptionState& subState, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ProcessOrFollowShortcut(String shortcutFile, String& errorPageUrl, TempFile& deployFile)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl, Uri& deploymentUri)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivationWithRetry(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivationWithRetry(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.
If I download the setup.exe file again and run it, it will install the signed version, but as a duplicate instead of overwriting the previously installed unsigned version.
Is there anything wrong in my signing process? How do I correctly replace the unsigned version with the signed version without affecting the users who have already installed the unsigned version? Thanks
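
The "deployment identity does not match the subscription" exception in the log is raised when the identity in the published deployment manifest differs from the one recorded for the installed copy, and signing a previously unsigned manifest replaces its all-zero publicKeyToken. The following check is an added example, not part of the original post or of the dotnet/sign tool; it compares the assemblyIdentity of two .application manifests, and the manifest contents, names and token value in it are constructed samples.

```python
import xml.etree.ElementTree as ET

ASM_V1 = "urn:schemas-microsoft-com:asm.v1"
# Identity attributes compared; version is left out because it changes with every update.
FIELDS = ("name", "publicKeyToken", "language", "processorArchitecture")

# Constructed sample deployment manifests (hypothetical names and token, not from the post).
UNSIGNED = """<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
    xmlns="urn:schemas-microsoft-com:asm.v2" manifestVersion="1.0">
  <assemblyIdentity name="Example.application" version="1.0.0.4"
      publicKeyToken="0000000000000000" language="neutral"
      processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />
</asmv1:assembly>"""
SIGNED = (UNSIGNED.replace('version="1.0.0.4"', 'version="1.0.0.5"')
          .replace("0000000000000000", "0123456789ABCDEF"))


def deployment_identity(manifest_xml):
    """Return the identity attributes of a .application deployment manifest."""
    root = ET.fromstring(manifest_xml)
    # The deployment's own identity is the direct child of the root element.
    ident = root.find(f"{{{ASM_V1}}}assemblyIdentity")
    if ident is None:
        raise ValueError("no top-level assemblyIdentity element found")
    found = {f: ident.get(f, "") for f in FIELDS}
    found["publicKeyToken"] = found["publicKeyToken"].lower()  # hex, case-insensitive
    return found


def identity_mismatches(installed_xml, published_xml):
    """Map each differing field to its (installed, published) values."""
    old = deployment_identity(installed_xml)
    new = deployment_identity(published_xml)
    return {f: (old[f], new[f]) for f in FIELDS if old[f] != new[f]}


if __name__ == "__main__":
    diff = identity_mismatches(UNSIGNED, SIGNED)
    for field, (old, new) in diff.items():
        print(f"{field}: installed={old!r} published={new!r}")
    if not diff:
        print("identity unchanged")
```

For real deployments, pass the bytes of the previously published .application file and of the newly signed one.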