microsoft
App Installer Authentication Manager
I've been able to get through some of the blockers that prevented me from using update mechanisms using the .appinstaller and for several UWP apps I have. One blocker I still have is sometimes this "App Installer Authentication Manager" window is left running/orphaned. I also would like to somehow suppress this window if possible. The .appinstaller and .msixbundle files are in a sharepoint site and I add msixauth=aad to the .appinstaller. I would like to be able to install updates silently, but this window shows up.
This is a bug but it should be fixed in the latest stable release v1.24. What version of App Installer do you have installed? You can get it from PowerShell using the following command
(Get-AppPackage Microsoft.DesktopAppInstaller).Version
If you have an older version, you can update it through the Microsoft Store. Go to "Library" (lower left corner), find "App Installer" in the list, and select Update.
You can also download the latest version from https://aka.ms/GetWinGet
On a related topic, if appinstaller is configured for background automatic updates, what is the expected behavior if msixauth=aad? Will a sign-in window just pop out of nowhere if user is not already authenticated?
If the user is signed in, this "App Installer Authentication Manager" window will show up. It will silently check if the current user is authorized to access the package on the web, and if they are then things will proceed silently. If the user is not authorized, there will be a sign-in prompt to try with different credentials.
The out-of-nowhere sign-in window may not be great, but I don't know how that could be improved if you want to automatically update a package when you don't have permission to see the update.
This is a bug but it should be fixed in the latest stable release v1.24.
@florelis I just checked this on 3 machines and all report version 1.24.25200.0. However, I get the same "App Installer Authentication Manager" window that shows no sign of completing.
Okay, that's a bug. That version should contain a fix for this issue, but it may have not covered some cases. Could you share some more details about your scenario to help me repro it and narrow down where the issue is?
Does this happen on installs, manual updates, or automatic updates?
If you're using a .appinstaller file, what are the update settings?
Does another App Installer window show up?
What is the text shown in the Authentication Manager window?
Do you get a sign-in window?
Does your app update successfully and the window just does not close, or does it not update at all?
This window pops up at machine startup so I assume it's for the automatic updates as specified on the .appinstaller. I have seen this window linger after a manual app update (.appinstaller double-click) or first install (.appinstaller double-click) , but I currently view those cases as lesser problems.
This is what I have:
<UpdateSettings>
<AutomaticBackgroundTask />
</UpdateSettings>
"Getting authenticated resources." is the text. No other window or sign-in prompt is shown.
There is a more recent version (3.0.160.0) and the app version remains (3.0.158.0) in this case.
@florelis Any clue why this might be happening? Since the removal of Store for Business, I've struggled to find a means to get apps distributed and updated. I hope this is not another blocker to moving forward.
I think I know why it is happening but I haven't had the time to look into it too much. I did manage to repro it at least. I believe it happens because of a memory leak, where an object that keeps that window alive is not getting deleted; I just have to find out where.
I'll update here once it's fixed, and let you know what version it will be in. I think the next two releases will be some time in Feb and May, hopefully it will make it to one of those.
@florelis, the timing is concerning especially if waiting until May. I hope it's sooner. I have a few users piloting and they've reported seeing it.
On a related note on another app I've configured for <AutomaticBackgroundTask /> updates just like this one, it's has stayed on an older version for a week now (new update available). To confirm, there's no code to implement on the actual app, right? This should just work?
On a related note on another app I've configured for
<AutomaticBackgroundTask />updates just like this one, it's has stayed on an older version for a week now (new update available). To confirm, there's no code to implement on the actual app, right? This should just work?
Correct.
You could try to open the .appinstaller file again and check if it offers to update. If it offers to install the same version, it would be an issue with the .appinstaller not pointing to the new version. If it offers to update, then it would be an issue with the background update not happening. Either case, you can check the logs at %LocalAppData%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\DiagOutputDir to try and diagnose it.
@florelis Running the .appinstaller installs/updates to the latest.
I've searched for key words that I think are relevant (part of my app's name, part of the URL for the .appinstaller) in the .log files in that path and don't see any evidence of an automatic background update getting logged. What keywords should I be looking for?
I see Created authentication arguments. Mode: silentPreferred, Account:, but nothing to indicate it's for the apps I'm concerned about.
In the background update, the flow does not go through the App Installer UI, so it does not log where I said. My bad. I was thinking of update on launch.
In this case, it is squarely within the deployment stack in the OS. Here are some docs on how to get diagnostics
You can check what the OS thinks the update settings are using Get-AppxPackageAutoUpdateSettings
It could be an issue with the xml namespace. If you have xmlns="http://schemas.microsoft.com/appx/appinstaller/2017", try changing 2017 for 2017/2 (min OS build 17134), 2018 (min OS build 17763) or 2021 (min OS build 22000).
@florelis I've had it on the 2021 revision. I'll check the docs you linked. Thanks.
@florelis
I just attempted looking at event viewer logs and found no entries that pertain to auto updating of my apps. Do you have any specifics on verbiage I should look/search for?
UpdateUris : {}
RepairUris : {}
OptionalPackageUris : {}
DependencyPackageUris : {}
CheckForUpdatesOnLaunch : False
ShowPromptOnLaunchWhenUpdateIsAvailable : False
UpdateBlocksActivation : False
AutomaticBackgroundTaskUpdatesEnabled : True
ForceUpdateFromAnyVerion : False
IsAutoRepairEnabled : True
HoursBetweenUpdateChecks : 24
PausedUntil :
PolicySource : Default
LastCheckedForUpdates : 12/29/2024 8:49:44 PM -07:00
Version : 3.0.159.0
@florelis
I just found some relevant Event Viewer logs on another machine. The two immediately below are for the app that causes the "App Installer Authentication Manager" to popup on startup and linger forever.
AppXDeployment-Server/Microsoft-Windows-AppXDeploymentServer/Operational
Failed to get the stream from the undocked data source for Uri: https://REDACTED/sites/IT/Shared%20Documents/Apps/MYAPP.appinstaller?msixauth=aad. Result code: 0x80010105.
Appinstaller operation failed with error code 0x80010105. Detail: The server threw an exception.
Also, under AppXDeployment/Microsoft-Windows-AppXDeployment/Operational, I see entries saying Determining packages to be installed during logon for user: REDACTED
Subsequent entries say something like the below but the apps I expect aren't listed:
The following packages will be installed: Microsoft.WindowsAppRuntime.1.4_4000.1309.2056.0_x64__8wekyb3d8bbwe Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x86__8wekyb3d8bbwe Microsoft.WindowsAppRuntime.1.4_4000.1309.2056.0_x64__8wekyb3d8bbwe Microsoft.WindowsAppRuntime.1.5_5001.311.2039.0_x64__8wekyb3d8bbwe Microsoft.WindowsAppRuntime.1.4_4000.1309.2056.0_x64__8wekyb3d8bbwe Microsoft.WindowsAppRuntime.1.5_5001.311.2039.0_x64__8wekyb3d8bbwe Microsoft.WindowsAppRuntime.1.5_5001.311.2039.0_x64__8wekyb3d8bbwe Microsoft.WindowsAppRuntime.1.5_5001.311.2039.0_x64__8wekyb3d8bbwe Microsoft.WindowsAppRuntime.1.6_6000.318.2304.0_x64__8wekyb3d8bbwe Microsoft.WindowsAppRuntime.1.5_5001.311.2039.0_x64__8wekyb3d8bbwe Microsoft.WindowsAppRuntime.1.6_6000.318.2304.0_x64__8wekyb3d8bbwe . The following packages will be removed: NULL
I see entries like this for my other apps, but again, no indication of updating. For the one below, I know there's a newer version.
Successfully updated the status for package REDACTED_6.0.1219.0_x64__redacted and user REDACTED (Clear=0x20, Set=0x0).
0x0: GetActiveAumidsInPackage successful for package REDACTED_6.0.1219.0_x64__redacted.
Thank you for the details.
The part you're looking for in Get-AppxPackageAutoUpdateSettings is this:
AutomaticBackgroundTaskUpdatesEnabled : True
That means that the OS is aware that it needs to auto update the app
Appinstaller operation failed with error code [...] means it failed to check if an update was available.
Failed to get the stream from the undocked data source for Uri [...]MYAPP.appinstaller?msixauth=aad means that the error happened when trying to read the file from the web.
So this all points out to an issue specifically in the Authentication Manager. In a way that's good, because that means we can fix it with an update to App Installer through the Store. Had it been in the OS layer it would be more complicated.
It doesn't sound like something you'll be able to work around until we publish a fix. Is there any chance you could use on-launch update instead? It probably isn't the ideal experience you want, but it unblock you and you can change it later.
@florelis, I'm willing to try it other ways. Is that "on-launch" method something specific?
The particular app in question actually doesn't have a launchable aspect to it (AppListEntry="none"). I can force it to run via explorer shell:Appsfolder\MYAPP_asdfasdfasdfasdf!App manually, but that's not expected on end clients. I have a background task that runs on a timer.
I suppose I can put something like below in RunAsyncInternal in the app's background task?
_ = Package.Current.CheckUpdateAvailabilityAsync();
and remove <AutomaticBackgroundTask />?
I meant the OnLaunch setting in the .appinstaller. But that does not seem to be applicable for your case given the type of app.
You could use that API to check for updates, and then do the update yourself but it does defeat the whole purpose of having the .appinstaller :/
I'm also not sure if it would work because the URI you need to give the OS for the update is a special thing to indicate it needs to do the auth.
Yes--I am getting into some experimentation given the options I'm left with after Store for Business was removed.
Given how the other apps are behaving, I don't get prompted to login all the time so I'm also hoping that it's not too bad at least for the interim.
I might do away with the auth requirement for this one app, but I want to resolve the App Installer Authenticator Manager issues that also affect the other apps I have.
@florelis, I'm discovering that <AutomaticBackgroundTask /> doesn't get unregistered(?) from the OS if just updating the app. I had to completely uninstall the app for it to unregister. I was confused because I removed it from the .appinstaller and updated the app by running the .appinstaller, but was surprised to see the App Installer Authenticator Manager still pop up after startup. Uninstall and reinstall of the app is what stopped it from popping up at startup.
I think I have a bit of success. Checking and updating via the API in a background task has allowed the app to update on a few test PCs. The App Installer Authentication Manager window still pops up but hasn't prompted for login so far. Some PCs are still not on the latest version of the app and sometimes the App Installer Authenticator Manager window lingers on those PCs.
@florelis, let me know if there's any other info I can provide to help with a fix.
Also, I don't know if you're taking suggestions: It would be nice if the progress being shown in that window can be integrated into my code instead.
@florelis, I'm less convinced that <AutomaticBackgroundTask /> is working. I have two other apps that have not updated on my main machine. I am authenticated with my work account on SharePoint.
Sorry for the delayed response. I now have a repro of both the lingering window and the background update not working; will update once I figure out the cause.
FYI, I've switched to no authentication for now so I can move forward. That temporarily solves the orphaned window that pops up. However, I'm still noticing that <AutomaticBackgroundTask /> isn't working even now that there's no authentication requirement in the way.
@florelis are the improvements mentioned in version 1.25.320.0?
Also, the version notes for App Installer in the store app is very old. Why isn't this being used by the team to detail what's new?
Version notes from Microsoft Windows
- Sideload Windows 10 apps
- See the app publisher, version, and capabilities
- See the app's display logo
- Install multiple Windows 10 apps at once
- Launch apps immediately after install
- Support for Windows Package Manager on Windows 10 1809 and later
are the improvements mentioned in version 1.25.320.0?
I know this is disappointing to hear, but no :( It is on the queue (internal bug: https://task.ms/56432881), but there have been some higher priority items on the team.
Also, the version notes for App Installer in the store app is very old. Why isn't this being used by the team to detail what's new?
I'll bring this up with the team.
@florelis I've seen a couple(?) of updates since end of Feb, but I still don't have a clue what has been updated and more importantly, whether issues have been resolved.
All the recent updates to the package have been on the winget side. The only change to App Installer is that we stopped publishing binaries for 32-bit ARM, but that has nothing to do with your issue. We have better release notes over at https://github.com/microsoft/winget-cli/releases than in the Store listing, but that is more focused on winget. We have been making some improvements to our release process, but it hasn't gotten to updating the Store listing.
As for your actual issue, I don't have anything to share at this time. Be sure that I will let you know as soon as it is in a preview build. But unfortunately we don't have as many resources allocated to this project as I would like, so things take a long time :(