Failed to install key pair–Object already exists

As I was working on a build server, I ran into an issue importing pfx (assembly signing) files.  I kept getting an error – “Failed to install key pair–Object already exists” trying to run the following command:

sn –I myfile.pfx VS_KEY_XXXXXX

Of course, I have to import my files on build machine in order to perform successful build.  I tried to delete the container, issuing the following command:

sn –d VS_KEY_XXXXXX

I got an error – “Container does not exist”.

I kept on struggling with this issue for a while, but got nowhere.  Then it hit me.  Maybe another user tried to import the same file already?  I logged in as one of the users who also tried to work on the build process. I was able to delete the container.  Then I logged in as the TFS Build service user again and was able to successfully import the PFX file then.  Moral of the story – apparently on Windows Server 2012 you can run into issues if multiple user profile try to import the same PFX file.

I hope this post will save someone some grey hairs.  Mine is practically gone already, so no harm done here.

Enjoy.

5 Comments

  1. Hello Sergey!

    Strong name tool (sn.exe) imports private keys to the local machine storage by default. Therefore different users may try to save different keys to the same storage. It is possible to set sn.exe to use storage of a current user with the command “sn.exe -m n”. This command should be executed with administrative rights.

    Also tool KeyPal http://www.jensign.com/KeyPal/ can be useful in solving problems with certificate storages. It is able to display list of key containers for the current user or for the machine.

    Best wishes!

Leave a Reply to traviswhidden Cancel reply

Your email address will not be published. Required fields are marked *