Error APPX1204 Creating App Package for upload to MS Store

WoodManEXP 80 Reputation points

This is happening with Visual Studio Insiders [11709.129] with a UWP XBox targeted app. The app has been successfully side-loaded and tested on Dev-mode XBox. Creating the App Package produces this error:

Failed to sign <filename.msix>. SignTool Error: An unexpected internal error has occurred.

There are several mentions of this error in various forums, but my efforts are not finding a resolution. The Project has been associated with an app in the store. Details in the Package.appxmanifest look to match details in the Microsoft Partner Center Product Identity page.

This may be related to information in the build generated certificate not matching info in the .appxmainifest? Thoughts and suggestions about how to approach resolving this are appreciated!

TY

  1. WoodManEXP 80 Reputation points

    The AI answer instructions were followed but did not resolve the issue.

    Comparing what’s in the .appxmanifest with Product identity on the Partner site shows that the values match in the two locations (likely as a result of the Associate App with the Store… operation).

    The generated AppPackage has two .cer files (one for _x64 and the other for _x86). The Certificate Manager contains a cert with the same Thumbprint as those gen’ed by the Publish->Create App Packages, but it has a different CN= value (perhaps from the earlier side-loading process…)

    That cert was removed from the Certificate Manager and now the Publish->Create App Packages throws these two errors

    APPX0102: A certificate with thumbprint 'ECBC11C1DF4A274797A9CFBE2E6A00651CC844BA' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file.

    APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see .

    Should the Publish->Create App Packages be creating/managing these certificates including the certificate store?

    TY for any hints/ideas!!

Sign in to comment

Answer accepted by question author

Danny Nguyen (WICLOUD CORPORATION) 7,185 Reputation points Microsoft External Staff Moderator

Hi @WoodManEXP

APPX0102/APPX0107 mean the project is still referencing a signing cert thumbprint that either isn’t in the cert store anymore or isn’t usable for signing (most commonly: missing private key). The two .cer files in the output won’t help unless the corresponding cert+private key is installed and selected.

Can you try the following steps:

  • Recreate/install a test signing certificate (with private key) and then reselect it for the project; this MSIX doc walks through the cert creation/install steps: https://learn.microsoft.com/en-us/windows/msix/package/create-certificate-package-signing
  • If APPX0102 persists, update/remove the stale <PackageCertificateThumbprint> in the .csproj so it stops referencing the deleted ECBC11… cert.
  • Confirm in certmgr.msc (Current User → Personal) that the selected cert shows “You have a private key…”—a .cer alone will typically produce APPX0107.
  • Since you’re on VS Insiders, try the same packaging step in stable VS once to rule out a tooling regression in SignTool/cert lookup.

Hope to hear the results from you. I would greatly appreciate it if you could share your feedback by interacting with the system or leaving a comment.

Thank you.

  1. WoodManEXP 80 Reputation points

    Hi Danny Nguyen,

    TY for taking the time to share your knowledge with this great response. I had come across https://learn.microsoft.com/en-us/windows/msix/package/create-certificate-package-signing but did not understand that was what needed to happen for APPX1204.

    The instructions were followed, the package was successfully built and was uploaded to the MS Store.

    TY TY !!

Sign in to comment

1 additional answer

  1. AI answer

    APPX1204 with a generic SignTool Error: An unexpected internal error has occurred when creating a Store package is commonly caused by a mismatch between the package manifest identity and the signing certificate, or by an issue with the certificate itself.

    To systematically resolve it:

    1. Verify the certificate subject and manifest publisher match exactly
      1. In a PowerShell window, get the subject from the certificate actually used to sign the package (replace THUMBPRINT with the certificate thumbprint Visual Studio is using): 
         (Get-Item Cert:\CurrentUser\My\THUMBPRINT).Subject
        Example output: 
         CN=Contoso, C=US
      2. Open Package.appxmanifest in XML view and check the <Identity> element: 
         <Identity Name="YourAppName"
 Publisher="CN=Contoso, C=US"
 ... />
      3. Ensure the Publisher attribute matches the certificate subject string exactly, including commas, spaces, and ordering.
      4. If using Azure Artifact Signing (Trusted Signing), ensure the Publisher value matches the verified identity shown in the certificate profile’s Subject name field in the Azure portal.
    2. Rebuild and repackage
      1. After correcting the manifest, clean and rebuild the solution.
      2. Recreate the Store package so it is rebuilt with the corrected manifest.
      3. If packaging manually, repackage with MakeAppx.exe and re-sign using the corrected certificate.
    3. Confirm Partner Center identity alignment
      1. In Partner Center, open the app’s App identity page.
      2. Confirm that the Package/Identity/Name and publisher information shown there match the Name and Publisher in Package.appxmanifest.
      3. For Xbox UWP, also ensure the Package Identity (PFN) in the manifest matches what is configured in Partner Center.

    If the manifest identity and certificate subject are aligned and the PFN/App ID in Partner Center are correct, the APPX1204/SignTool error caused by signing/identity mismatch should be resolved.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.
Sign in to answer

Your answer