signtool.exe runs slowly under different user account

Question

We use signtool.exe to sign a set of managed assemblies (from a command prompt, we run signtool.exe in a trivial .bat file for-loop, applying a certificate from a pfx file)

• When run under a domain administrator's account, it runs in under 1 minute.
• When run under a local user account, it takes 37 minutes!

The setup and conditions (aside from the login account used) are identical in both cases.

Needless to say, our build server is running using the "wrong" account!

Can anyone think of any user-account settings that might influence the speed of signtool.exe so significantly? Does it need to interact with any external services?

Answer 1

In a momment of inspiration, I've solved the problem. If anyone else comes across this, it was because of our proxy server.

The admin account had exclusions so that local addresses would not be resolved through the proxy server, but the build account did not have the exclusions, so signtool was needlessly round-tripping via our proxy (thousands of miles away, and hence very slow).

I don't know why signtool needs to ping the internet when signing a local file using a local pfx file with timestamping disabled, but adding the local proxy exclusions fixed it.