Trusted Signing identity validation status Failed with no explanation

[alexvoina]

[ Hi,

I am trying to set up trusted signing for my windows application. I followed this guide https://melatonin.dev/blog/code-signing-on-windows-with-azure-trusted-signing/

After creating my Identity validation request, status changed to "Action Required" after a few days. I was asked to provide "Domain purchase invoices or registry confirmation records". I followed the instructions in the guide above (he had the same issue) and provided my last invoice from Iwantmyname for the domain (of my website url, primary & secondary email).

Status changed to "In progress", and after a day moved to "Action Required" again, asking for the same document - "Domain purchase invoices or registry confirmation records". This time I got confused, and provided a document that proves my legal entity is registered in Romania.

Again, after a day or so, the same thing happened - "Action Requiered", asking for the same document, without any explanation about why my 2 attempts were not good.

Last thing I tried was to send another document, an invoice from google that shows that my domain is connected to a google workspace.

In the end, status changed to "Failed" and I have no Idea what to do next, because I have never gotten an explanation. I am completely lost.

]

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 291fe46c-deb3-a2c9-48a8-6805f4abe427
• Version Independent ID: 75b190d6-201f-69c5-6a13-50c13d976171
• Content: Quickstart: Set up Trusted Signing
• Content Source: articles/trusted-signing/quickstart.md
• Service: trusted-signing
• GitHub Login: @mehasharma
• Microsoft Alias: mesharm

[SaibabaBalapur-MSFT]

@alexvoina Thanks for bringing this to our attention. I'm going to assign this to the document author so they can take a look at it accordingly.

@mehasharma Can you please check and add your comments on this doc update request as applicable.

[TacoTechSharma]

@alexvoina let me follow up with the team here and get back. Can you share your Legal Entity's name?

[alexvoina]

Thanks for the quick reply

legal entity name: S.C. VOCODE TECHNOLOGY S.R.L, company website: www.vocode.io primary email vlad@vocode.io, secondary email (me) alex@vocode.io

[alexvoina]

@mehasharma any updates?

[alexvoina]

Should we just go on and start the application again and wish everything will work this time? I've heard others have had success with this approach

[vladvoina]

@mehasharma Any luck getting some information from the team on why our application has failed? We'd really appreciate your help here.

[TacoTechSharma]

@vladvoina I was out of office, just got back. I am following up with the team and will get back.

[vladvoina]

@mehasharma Welcome back! Thanks a lot

[alexvoina]

@mehasharma we started a new application, and this time I've provided a screenshot with the google DNS records (for email) registered in our iwantmyname account when asked for "Domain purchase invoices or registry confirmation records".

Perhaps you or the team can provide additional information on what document we need to provide. Thanks!

[TacoTechSharma]

Cool, let me check it out on my end and get back. Thank you for your patience here!

[jacobgorm]

I am seeing this issue too, for a company in Denmark, which should be trivial to validate given that we own our domain and have a valid DUNS number. I got asked to confirm my email address and then the requests just sat there for weeks in "in progress state" with nothing happened. I reached out to someone at MSFT in Denmark, and now the requests failed simultaneously with no explanation. Not sure if this whole thing is a joke or not at this point, all I know is I have wasted a lot of time and still not find a way to get my app signed.

[TacoTechSharma]

@jacobgorm Can you please share your org name for us to check? https://learn.microsoft.com/en-us/azure/trusted-signing/faq#what-if-i-fail-identity-validation

[jacobgorm]

Jamscape ApS (Jamscape.com) is the org.

[TacoTechSharma]

@jacobgorm At the moment, we can only onboard organizations that have been founded for more than 3 years. Hence, why we cannot proceed with the onboarding for Jamscape ApS. https://learn.microsoft.com/en-us/azure/trusted-signing/quickstart?tabs=registerrp-portal%2Caccount-portal%2Ccertificateprofile-portal%2Cdeleteresources-portal#important-information-for-public-identity-validation

[alexvoina]

@mehasharma I hope you didn't forget about us :))

[jacobgorm]

Are there any plans for relaxing the 3 years requirement?

[TacoTechSharma]

@alexvoina I absolutely did not :), still actively working with the team here. @jacobgorm We are working on expanding the availability to everyone, this will be available before the end of the summer.

[alexvoina]

@mehasharma

Update: Our second application has finally moved to 'Action Required' after being stuck for 3-4 days. Unfortunately, we are once again asked to provide the same "Domain purchase invoices or registry confirmation records."

I will proceed and try to upload the final (5th attempt) document that I believe can prove the ownership of the vocode.io domain, just to keep the process moving.

Anyways, at this point our hopes are entirely in your hands.

Thank you for your assistance!

[TacoTechSharma]

@alexvoina I am following up with the team here. Thank you for your patience and apologies this is taking awhile.

[alexvoina]

Hey @mehasharma! This morning we received an email that asked us to verify our email address and we took care of that. I assume that because of your effort to get us up and running with trusted signing - thank you!

However, I'm not really sure what the next steps are, since we have 2 Identiy Validtations in our azure portal (one with status 'Failed' and the other with 'Action Required').

Should we wait?

[nick-portagecreektech]

Hi @mehasharma, It seems I am runnning into this issue as well. I have provided a DUNS number for verification, I have uploaded my latest invoice for domain registration and it is once again asking for verification. Here are my company details:

legal entity name: Portage Creek Technologies, LLC company website: www.portagecreektech.com primary email nick@portagecreektech.com secondary email support@portagecreektech.com

Any assistance as to what specific documents you are looking for would be greatly appreciated. Thank you for the help!

[TacoTechSharma]

@alexvoina Looks like we've hit an edge case with the request, although we definitely did see it move forward. Do you mind creating another request with the exact same information as the request that is in Action Required state? @nick-portagecreektech I checked with the team here, your request seems to have completed.

[alexvoina]

@mehasharma done! Please don't make us wait another week to go through the same steps we did with our last request :(

[nick-portagecreektech]

@alexvoina Looks like we've hit an edge case with the request, although we definitely did see it move forward. Do you mind creating another request with the exact same information as the request that is in Action Required state? @nick-portagecreektech I checked with the team here, your request seems to have completed.

Thank you for reaching out and yes, I did get the notification that my request was completed! Here is more information that may assist others having a similar issue:

• My original submission included all required information and I used my DUNS number as my identifier
• In the first request for additional documentation, I included my latest invoice from my registrar for the portagecreektech.com domain name. This invoice was from 2022 as I had a multi-year renewal.
• When I got the second request (with no additional information) I went to my registrar and renewed the domain (even though I had a couple of years yet) which of course generated a new invoice with yesterday's date. I then uploaded that invoice and within an hour or so I received a message asking to confirm my email address.
• Got the approval message overnight.

So it appears renewing registration, even though unnecessary, and getting an invoice with a recent date was the key for me?!?

Maybe this will help someone else out. Thankful for this thread!

[alexvoina]

@mehasharma this morning I have created a new Identity Validation request as you suggested. The newly created request moved to "Action Required" quickly asking AGAIN for "Domain purchase invoices or registry confirmation records".

I provided one of the 5 documents that I thought would prove ownership, and now it moved to "Failed"

Weirdly enough, the 2nd request moved to "Failed" as well - the one which we've hit an edge case with.

I've got to be honest with you, this process is extremely painful & I am trying really hard not to lose my patience..

Please let me know what the next steps are.

[TacoTechSharma]

@alexvoina Thank you for patience, I can understand this is not working out in your favor as quickly as you'd hope. I believe the one that made better progress was "S.C. VOCODE TECHNOLOGY S.R.L." where as the one gets failed right away is SC VOCODE TECHNOLOGY SRL. The one you created on June 5th is SC VOCODE TECHNOLOGY SRL.

[awilhite111]

Hi, I was going to try to put some software out on the MS Store and my validation failed with no explanation as well . Is there a guide on prerequisites anywhere? I am single person developer and been trying to find a low-cost method to sell the software. This looked like a good path until I see you need 3 years of business.

[TacoTechSharma]

@awilhite111 Correct 3 years is a prerequisite. Beyond that, it's based on the outcome of the Validation process. https://learn.microsoft.com/en-us/azure/trusted-signing/quickstart?tabs=registerrp-portal%2Caccount-portal%2Ccertificateprofile-portal%2Cdeleteresources-portal#important-information-for-public-identity-validationsni

[alexvoina]

@mehasharma ok, I understand, but what should I do next?

[deufelix]

Hi, same here. My validation progress changed to "failed" with no further information why. I just created a new identity validation, hope it works this time. @mehasharma maybe you can provide me information, why it did fail? Thanks in advance and best regards, Felix

[johnbwoodruff]

Having the same issue, status moved to failed with no explanation. Would love clarity on what the recommended course of action is.

[TacoTechSharma]

@deufelix and @johnbwoodruff : Recommendation is to make sure the public records are upto date for the Legal Entity that is being validated. https://learn.microsoft.com/en-us/azure/trusted-signing/quickstart?tabs=registerrp-portal%2Caccount-portal%2Ccertificateprofile-portal%2Cdeleteresources-portal#important-information-for-public-identity-validation

@alexvoina If you are up for it, you can give one more try, however, prior to it please ensure all the domain information is upto date - if those are the documents that are being repeatedly requested.

[alexvoina]

@mehasharma Yesterday morning I created a new Identity Validation request and by the end of the day it moved to status "Completed", without asking for Domain ownership documents anymore.

Thank you so much for your assistance!

For anyone else here looking for answers, I can't tell for sure what it was that finally made it work but I have 2 things in mind:

1. We were an existing MS Store customer, so we had to use EXACTLY the same organization name as in our MS Store Legal Business Profile and to provide the Seller Id
2. We persevered and got rejected 3 times, which might have made Microsoft team drop the guard a bit

[TacoTechSharma]

@alexvoina I would refrain from making comments about "Microsoft" dropping the guard a bit in public forums. Since, that is not how the validation system works, and this can mislead others trying to onboard to the service.

[alexvoina]

@mehasharma my apologies! Indeed, we did make changes every time we submitted a new request, so persevering alone is not sufficient.

[microsoftshawarma]

please-close

[MikeJerred]

Hi I am having this same issue of being rejected with requests for the same documents several times and no explanation given. My company is over 3 years old and based in the UK.

[stockto2]

I finally figured out what was wrong and got verified, after having the same problem - request for "domain purchase invoices or registry confirmation records", over and over until it failed. Here are the two steps I suspect made the difference:

1. Turned off WHOIS privacy with the domain registrar so a WHOIS lookup would show my name and my company's name. (I was using Cloudflare, had to open a ticket with their support and they turned it off for me.)
2. Made sure both my name and my company's name were on the domain renewal receipt. Previously the billing address was to me only, with no mention of my company. I added my company to the billing address and re-renewed, uploaded the new receipt, and for the first time progressed to getting the "verify email address" email. After verifying my email, the identity validation finally changed to Completed after 5 days or so.

Hope that helps someone!

[RossWallgrenFX]

I'm in the same boat - failed with no explanation after sending several requested documents and unmasking my WHOIS information. I tried again with a different business identifier (there was no clear explanation of exactly what number was needed - as a sole proprietor I can't get a DUNS) and failed again right away.

@mehasharma You said trusted signing would be open to everybody by the end of the summer - is that not the case yet? Because my business is less than 3 years old. Otherwise I have no idea why I failed and would really like to get going with trusted signing.

[TacoTechSharma]

@RossWallgrenFX yep still working on making this available for everyone, including businesses that were incorporated less than 3 years ago.

[RossWallgrenFX]

@mehasharma Ok, I appreciate the info. Any idea of when it will be available, and how I can find out immediately? I'm basically ready to launch a product and would really hate to pay the $300+ for a traditional 3rd party cert if trusted signing for all is really around the corner.

[TacoTechSharma]

@RossWallgrenFX Totally get it. We are actively working on it, however, we envision it will atleast take until November to make the capability available.

[tybrannock24]

Had the same exact experience just now as everyone here. From what I'm reading, my best bet is to renew the domain (even though I'm not due for renewal until next year) and make sure WHOIS unmask my info (even though I don't have it set to be hidden)?

[MikeJerred]

I did manage to get mine working eventually. Some things to note: I had to use my VAT number as the tax ID, not my company registration number! Also had to make sure that the address was the same as what is listed on Companies House and the email domain was the same as my website.

[tybrannock24]

I did manage to get mine working eventually. Some things to note: I had to use my VAT number as the tax ID, not my company registration number! Also had to make sure that the address was the same as what is listed on Companies House and the email domain was the same as my website.

Okay, copy that. I used the EIN number assuming that it would be the best way to identify a business.

[tybrannock24]

I did manage to get mine working eventually. Some things to note: I had to use my VAT number as the tax ID, not my company registration number! Also had to make sure that the address was the same as what is listed on Companies House and the email domain was the same as my website.

Okay, copy that. I used the EIN number assuming that it would be the best way to identify a business.

Correction: Actually I used my duns number. It just failed again. Didn't even allow me to choose any form of validation and won't let me attempt a third time. This whole validation process could definitely use some TLC.

[RossWallgrenFX]

Does anybody with more experience here have any advice on what to do while we wait for Microsoft to figure this out? Just suck it up and go the "old school" route with one of these (expensive) certs? Go without codesigning for a while and hope the Windows users are fine clicking "run anyway"? Feeling unsure what to do.

It's B2C audio plugin software, most users will probably be on Mac anyway.

[TacoTechSharma]

@tybrannock24 Can you share your validation ID?

[tybrannock24]

@tybrannock24 Can you share your validation ID?

Sure, 1a5162b0-d7cc-49d4-a882-349e3a34c1ac and cdfa4282-513e-44db-b37d-ce590fd3cb08 are the two that I have open now.

[TacoTechSharma]

For cdfa4282-513e-44db-b37d-ce590fd3cb08 - there was an email sent with a verification link, the link will expire on 19th Sep. 1a5162b0-d7cc-49d4-a882-349e3a34c1ac - please update domain registration or invoice that lists the entity/contact as it is stated on the request. All documents submitted must be issued within the previous 12months or where the expiration date is a future date that is at least 2 months away.