VeriSign timestamp server

I have a huge annoyance. My build server gets screwed over by the verisign
timestamp server on a regular basis as it appears that this service is down
on a regular basis “for maintenance”.

This:

SIGNTASK : SignTool error : The specified timestamp server either could not
be reached

is really pissing me off.

So before I plunge down the path of modifying build processes to use an
alternate timestamp server (e.g. comodo) has anyone else done this? Are
there reliable alternatives? Do they actually work correctly?

Clues, hints, dire warnings appreciated.

Mark Roddy

Hmm. This sounds kind of like a problem we have experienced too, but I’m not sure it’s exactly the same.

Let me investigate and get back to you.

mm

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
Sent: Friday, August 01, 2014 9:51 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] VeriSign timestamp server

I have a huge annoyance. My build server gets screwed over by the verisign timestamp server on a regular basis as it appears that this service is down on a regular basis “for maintenance”.

This:

SIGNTASK : SignTool error : The specified timestamp server either could not be reached

is really pissing me off.

So before I plunge down the path of modifying build processes to use an alternate timestamp server (e.g. comodo) has anyone else done this? Are there reliable alternatives? Do they actually work correctly?

Clues, hints, dire warnings appreciated.

Mark Roddy

— NTDEV is sponsored by OSR Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev OSR is HIRING!! See http://www.osr.com/careers For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Nope, sorry Mark – our issue doesn’t sound like yours.

Ours was more of a retry-in-a-loop-with-a-delay-in-between sort of thing.

mm

From: Martin O’Brien [mailto:xxxxx@gmail.com]
Sent: Friday, August 01, 2014 9:55 AM
To: ‘Windows System Software Devs Interest List’
Subject: RE: [ntdev] VeriSign timestamp server

Hmm. This sounds kind of like a problem we have experienced too, but I’m not sure it’s exactly the same.

Let me investigate and get back to you.

mm

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
Sent: Friday, August 01, 2014 9:51 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] VeriSign timestamp server

I have a huge annoyance. My build server gets screwed over by the verisign timestamp server on a regular basis as it appears that this service is down on a regular basis “for maintenance”.

This:

SIGNTASK : SignTool error : The specified timestamp server either could not be reached

is really pissing me off.

So before I plunge down the path of modifying build processes to use an alternate timestamp server (e.g. comodo) has anyone else done this? Are there reliable alternatives? Do they actually work correctly?

Clues, hints, dire warnings appreciated.

Mark Roddy

— NTDEV is sponsored by OSR Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev OSR is HIRING!! See http://www.osr.com/careers For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Are you just retrying siging if signtool complains?

Mark Roddy

On Fri, Aug 1, 2014 at 10:05 AM, Martin O’Brien <
xxxxx@gmail.com> wrote:

Nope, sorry Mark – our issue doesn’t sound like yours.

Ours was more of a retry-in-a-loop-with-a-delay-in-between sort of thing.

mm

*From:* Martin O’Brien [mailto:xxxxx@gmail.com]
*Sent:* Friday, August 01, 2014 9:55 AM

*To:* ‘Windows System Software Devs Interest List’
*Subject:* RE: [ntdev] VeriSign timestamp server

Hmm. This sounds kind of like a problem we have experienced too, but I’m
not sure it’s exactly the same.

Let me investigate and get back to you.

mm

*From:* xxxxx@lists.osr.com [
mailto:xxxxx@lists.osr.com
] *On Behalf Of *Mark Roddy
> Sent: Friday, August 01, 2014 9:51 AM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] VeriSign timestamp server
>
>
>
> I have a huge annoyance. My build server gets screwed over by the verisign
> timestamp server on a regular basis as it appears that this service is down
> on a regular basis “for maintenance”.
>
>
>
> This:
>
>
>
> SIGNTASK : SignTool error : The specified timestamp server either could
> not be reached
>
>
>
> is really pissing me off.
>
>
>
> So before I plunge down the path of modifying build processes to use an
> alternate timestamp server (e.g. comodo) has anyone else done this? Are
> there reliable alternatives? Do they actually work correctly?
>
>
>
> Clues, hints, dire warnings appreciated.
>
>
> Mark Roddy
>
> — NTDEV is sponsored by OSR Visit the list at:
> http://www.osronline.com/showlists.cfm?list=ntdev OSR is HIRING!! See
> http://www.osr.com/careers For our schedule of WDF, WDM, debugging and
> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
> the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Yes. In a loop with (I think) a 30s delay in between each. Not sure how long the delay is exactly.

It sounds like your case is more of hard failure? This happens to us pretty commonly, but the loop works around it.

mm

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
Sent: Friday, August 01, 2014 12:02 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] VeriSign timestamp server

Are you just retrying siging if signtool complains?

Mark Roddy

On Fri, Aug 1, 2014 at 10:05 AM, Martin O’Brien wrote:

Nope, sorry Mark – our issue doesn’t sound like yours.

Ours was more of a retry-in-a-loop-with-a-delay-in-between sort of thing.

mm

From: Martin O’Brien [mailto:xxxxx@gmail.com]
Sent: Friday, August 01, 2014 9:55 AM

To: ‘Windows System Software Devs Interest List’

Subject: RE: [ntdev] VeriSign timestamp server

Hmm. This sounds kind of like a problem we have experienced too, but I’m not sure it’s exactly the same.

Let me investigate and get back to you.

mm

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
Sent: Friday, August 01, 2014 9:51 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] VeriSign timestamp server

I have a huge annoyance. My build server gets screwed over by the verisign timestamp server on a regular basis as it appears that this service is down on a regular basis “for maintenance”.

This:

SIGNTASK : SignTool error : The specified timestamp server either could not be reached

is really pissing me off.

So before I plunge down the path of modifying build processes to use an alternate timestamp server (e.g. comodo) has anyone else done this? Are there reliable alternatives? Do they actually work correctly?

Clues, hints, dire warnings appreciated.

Mark Roddy

— NTDEV is sponsored by OSR Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev OSR is HIRING!! See http://www.osr.com/careers For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

— NTDEV is sponsored by OSR Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev OSR is HIRING!! See http://www.osr.com/careers For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

I also use the retry loop method. Really annoying. One day I’m going to get signing figured out through our HSM. Ya know, when I get so bored I have nothing else to do.

On 8/1/2014 7:51 AM, Mark Roddy wrote:

I have a huge annoyance. My build server gets screwed over by the
verisign timestamp server on a regular basis as it appears that this
service is down on a regular basis “for maintenance”.

This:

SIGNTASK : SignTool error : The specified timestamp server either
could not be reached

is really pissing me off.

So before I plunge down the path of modifying build processes to use
an alternate timestamp server (e.g. comodo) has anyone else done this?
Are there reliable alternatives? Do they actually work correctly?

We have a custom MSBuild task that retries every 10 seconds over a
couple of minutes, and it has totally eliminated the regular failures we
used to get due to the timestamp server not being reachable.


Bruce

Hmmm - that sounds reasonable and at least better than “oh for f*cks sake
the f*ing timeserver was out again”.

I hate “msbuild task” though. It always seems like a trivial thing to do
and ends up in some rat hole. Its a story with one point that takes 13.

Mark Roddy

On Fri, Aug 1, 2014 at 1:31 PM, Bruce Cran wrote:

> On 8/1/2014 7:51 AM, Mark Roddy wrote:
>
>> I have a huge annoyance. My build server gets screwed over by the
>> verisign timestamp server on a regular basis as it appears that this
>> service is down on a regular basis “for maintenance”.
>>
>> This:
>>
>> SIGNTASK : SignTool error : The specified timestamp server either could
>> not be reached
>>
>> is really pissing me off.
>>
>> So before I plunge down the path of modifying build processes to use an
>> alternate timestamp server (e.g. comodo) has anyone else done this? Are
>> there reliable alternatives? Do they actually work correctly?
>>
>
> We have a custom MSBuild task that retries every 10 seconds over a couple
> of minutes, and it has totally eliminated the regular failures we used to
> get due to the timestamp server not being reachable.
>
> –
> Bruce
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

No I just use the stuff as is in VS and it dies on the spot. Now I have to
go modify it, not really what I want to do.

Mark Roddy

On Fri, Aug 1, 2014 at 12:06 PM, Martin O’Brien <
xxxxx@gmail.com> wrote:

Yes. In a loop with (I think) a 30s delay in between each. Not sure how
long the delay is exactly.

It sounds like your case is more of hard failure? This happens to us
pretty commonly, but the loop works around it.

mm

*From:* xxxxx@lists.osr.com [mailto:
xxxxx@lists.osr.com] *On Behalf Of *Mark Roddy
*Sent:* Friday, August 01, 2014 12:02 PM

*To:* Windows System Software Devs Interest List
*Subject:* Re: [ntdev] VeriSign timestamp server

Are you just retrying siging if signtool complains?

Mark Roddy

On Fri, Aug 1, 2014 at 10:05 AM, Martin O’Brien <
xxxxx@gmail.com> wrote:

Nope, sorry Mark – our issue doesn’t sound like yours.

Ours was more of a retry-in-a-loop-with-a-delay-in-between sort of thing.

mm

*From:* Martin O’Brien [mailto:xxxxx@gmail.com]
*Sent:* Friday, August 01, 2014 9:55 AM

*To:* ‘Windows System Software Devs Interest List’

*Subject:* RE: [ntdev] VeriSign timestamp server

Hmm. This sounds kind of like a problem we have experienced too, but I’m
not sure it’s exactly the same.

Let me investigate and get back to you.

mm

*From:* xxxxx@lists.osr.com [
mailto:xxxxx@lists.osr.com
] *On Behalf Of *Mark Roddy
> Sent: Friday, August 01, 2014 9:51 AM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] VeriSign timestamp server
>
>
>
> I have a huge annoyance. My build server gets screwed over by the verisign
> timestamp server on a regular basis as it appears that this service is down
> on a regular basis “for maintenance”.
>
>
>
> This:
>
>
>
> SIGNTASK : SignTool error : The specified timestamp server either could
> not be reached
>
>
>
> is really pissing me off.
>
>
>
> So before I plunge down the path of modifying build processes to use an
> alternate timestamp server (e.g. comodo) has anyone else done this? Are
> there reliable alternatives? Do they actually work correctly?
>
>
>
> Clues, hints, dire warnings appreciated.
>
>
> Mark Roddy
>
> — NTDEV is sponsored by OSR Visit the list at:
> http://www.osronline.com/showlists.cfm?list=ntdev OSR is HIRING!! See
> http://www.osr.com/careers For our schedule of WDF, WDM, debugging and
> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
> the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> — NTDEV is sponsored by OSR Visit the list at:
> http://www.osronline.com/showlists.cfm?list=ntdev OSR is HIRING!! See
> http://www.osr.com/careers For our schedule of WDF, WDM, debugging and
> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
> the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Yeah, it takes a while to learn how it all works.

My custom task is now about 100 lines of C# code with 6 parameters (thumbprint, target, timestamp URL, description, cross certificate and the number of retries).

It would be nice if there was a repository of driver-related tasks similar to the MSBuild Extension Pack, though with more frequent WDK releases and documentation of tasks on MSDN hopefully it would quickly be obsolete.


Bruce

On Aug 1, 2014, at 12:35 PM, Mark Roddy wrote:
>
> Hmmm - that sounds reasonable and at least better than “oh for fcks sake the fing timeserver was out again”.
>
> I hate “msbuild task” though. It always seems like a trivial thing to do and ends up in some rat hole. Its a story with one point that takes 13.
>
> Mark Roddy
>
>
>> On Fri, Aug 1, 2014 at 1:31 PM, Bruce Cran wrote:
>>> On 8/1/2014 7:51 AM, Mark Roddy wrote:
>>> I have a huge annoyance. My build server gets screwed over by the verisign timestamp server on a regular basis as it appears that this service is down on a regular basis “for maintenance”.
>>>
>>> This:
>>>
>>> SIGNTASK : SignTool error : The specified timestamp server either could not be reached
>>>
>>> is really pissing me off.
>>>
>>> So before I plunge down the path of modifying build processes to use an alternate timestamp server (e.g. comodo) has anyone else done this? Are there reliable alternatives? Do they actually work correctly?
>>
>> We have a custom MSBuild task that retries every 10 seconds over a couple of minutes, and it has totally eliminated the regular failures we used to get due to the timestamp server not being reachable.
>>
>> –
>> Bruce
>>
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>>
>> OSR is HIRING!! See http://www.osr.com/careers
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>
> — NTDEV is sponsored by OSR Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev OSR is HIRING!! See http://www.osr.com/careers For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer