Search code examples
azureyamldevopspipelinedigicert

DigiCert - Azure DevOps yaml task SSMClientToolsSetup@1 fails

Azure pipeline fails on the SSMClientToolsSetup@1 task:

This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package.

error when executing setup task of STM Error: The process 'C:\Windows\system32\msiexec.exe' failed with exit code 1620. at ExecState._setResult (D:\a_tasks\SSMClientToolsSetup_63dc66e6-daa5-4c1c-97f2- 4312143a6d6c\1.7.0\node_modules\azure-pipelines-task-lib\toolrunner.js:942:25) at ExecState.CheckComplete (D:\a_tasks\SSMClientToolsSetup_63dc66e6-daa5-4c1c-97f2-4312143a6d6c\1.7.0\node_modules\azure-pipelines-task-lib\toolrunner.js:925:18) ##[error]The process 'C:\Windows\system32\msiexec.exe' failed with exit code 1620 at ChildProcess. (D:\a_tasks\SSMClientToolsSetup_63dc66e6-daa5-4c1c-97f2- 4312143a6d6c\1.7.0\node_modules\azure-pipelines-task-lib\toolrunner.js:838:19) at ChildProcess.emit (events.js:198:13) at maybeClose (internal/child_process.js:982:16) at Process.ChildProcess._handle.onexit (internal/child_process.js:259:5)

I am following these instructions: https://docs.digicert.com/en/digicert-keylocker/ci-cd-integrations/plugins/azure-devops-client-tools-extension.html

Solution

  • Task SSMClientToolsSetup@1 is published by DigiCert to assist with setting up certificate tools in an ADO pipeline.

    Part of the task involves downloading an MSI installer from https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download.

    Recently this download has been failing and causing the task to fail:

    file after write 22288095 error when executing setup task of STM Error: The process 'C:\Windows\system32\msiexec.exe' failed with exit code 1620

    A workaround, as you suggest, is to change the task to include automatic retry:

    Old task yaml:

    - task: SSMClientToolsSetup@1
  displayName: Setup SMTools

    New yaml:

    - task: SSMClientToolsSetup@1
  retryCountOnTaskFailure: 10
  displayName: Setup SMTools

    For a custom build agent, I believe it would be possible to manually install the tools on the build agent instead (so they don't need setup every time, and can't fail due to a download error).