Monday, January 21, 2008

Clickonce Manifest Woes - The deployment identity does not match the subscription

January 21, 2008 Posted by Jason Irwin , 1 comment

As blogged about previously, the organization I work for has a number of developer tools which are published using Clickonce which provides quite a lot of functionality for very little overhead. However, this morning I attempted to update and re-publish one of said applications I realized that the certificate with which the application was originally deployed had expired. Since we do not use private (trusted) certificates, I was able to click the ‘Create Test Certificate’ in Visual Studio to create another certificate. Everything seemed fine – I deployed the application without any issue and even tested it on my box. Everything worked nicely.

Later in the day I received an email from a colleague who had received a rather unsavory error message in his attempt to open the application. It read:

“The deployment identity does not match the subscription.”

It was pretty clear that this was directly related to the change in manifest…after a quick google I realized that I was not the first user this happened to (nor the 100th). It has been logged as a bug on Microsoft Comment with the status of having ‘been fixed in the Orcas release’.

It also has its own page on Microsoft Support which explains it as a conflict of certificates – suggesting two workarounds:

  • Uninstalling and re-installing the application (and totally defeating the purpose of click-once applications). This is fine for small applications with a (very) limited user base – but for enterprise class applications this approach is pretty much unacceptable.
  • Creating a command line assembly to update the certificate – it was too late for me but this is a method I will certainly test in the future as this will undoubtedly happen 365 days from now J The whole support article can be found at