Share via

Exception from HRESULT: 0xD0000003 at FileIntegrity.MarkAsTrusted in .NET CodeDom Compiler on Windows 11 Enterprise 23H2

Vishnu S 0 Reputation points
2026-05-25T03:50:11.1733333+00:00

Hi Team,

I happen to be an employee of Analog Devices and recently got my laptop repalced with a new Win11 Enterprise system.

Upon reinstalling all the work-related tools and packages on this system, our desktop application that uses the .NET Framework System.CodeDom.Compiler (CSharpCodeGenerator) to dynamically compile C# code at runtime is throwing the following unhandled exception on Windows 11 Enterprise 23H2 (Build 22631.6936):

"Application Exception Exception from HRESULT: 0xD0000003 at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.CodeDom.Compiler.FileIntegrity.MarkAsTrusted(SafeFileHandle safeFileHandle) at Microsoft.CSharp.CSharpCodeGenerator.FromSourceBatch(CompilerParameters options, String[] sources) at Microsoft.CSharp.CSharpCodeGenerator.System.CodeDom.Compiler.ICodeCompiler.CompileAssemblyFromSourceBatch(CompilerParameters options, String[] sources) at System.CodeDom.Compiler.CodeDomProvider.CompileAssemblyFromSource(CompilerParameters options, String[] sources)
.......
"
This issue is not limited to my system. Several of my colleagues are facing the same problem as well. It appears that a security policy update or restriction in these new systems may be causing this exception.

Could you kindly help us identify the root cause and provide a solution at the earliest possible convenience? This issue is currently impacting and delaying our work significantly.

Thank you for your support and assistance.

Best regards,
Vishnu

Developer technologies | .NET | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Varsha Dundigalla(INFOSYS LIMITED) 5,025 Reputation points Microsoft External Staff
    2026-05-25T06:34:55.33+00:00

    Thank you for reaching out.

    This issue is caused by a recent Windows security change, not by a problem in your application or .NET CodeDom. After recent Windows updates, stricter cryptography checks were introduced, and this can cause failures when .NET tries to mark dynamically generated files as “trusted”.

    To unblock the issue, Microsoft has provided a temporary workaround.

    You can set the following registry value:

    Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais 
Name: DisableCapiOverrideForRSA (DWORD) 
Value: 0

    After applying the change, please restart the system and check if the issue is resolved. This workaround restores compatibility with the older behavior.

    Please note this is only a temporary solution, as the change is part of Windows security hardening and will remain enforced going forward.

    For more details on this Windows change and workaround, you can refer to:

    Please let us know if you require any further assistance, we’re happy to help. If you found this information useful, kindly mark this as "Accept Answer". So that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    Was this answer helpful?

  2. AI answer

    2026-05-25T03:50:23.6133333+00:00

    The exception Exception from HRESULT: 0xD0000003 at System.CodeDom.Compiler.FileIntegrity.MarkAsTrusted when using CSharpCodeGenerator is caused by a change in Windows cryptography/file-integrity behavior introduced by recent Windows 11 updates, not by a bug in System.CodeDom itself.

    On Windows 11 Enterprise 23H2 (build 22631.6936 and later), certain cryptographic and file-integrity checks can fail for dynamically generated/compiled assemblies, which then surfaces as this HRESULT during FileIntegrity.MarkAsTrusted. Microsoft has documented a related regression in cryptography behavior and provided a temporary registry-based mitigation.

    To work around this on affected Windows versions, configure the DisableCapiOverrideForRSA registry value as follows:

    1. Open Registry Editor (regedit).
    2. Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais
    3. If the DisableCapiOverrideForRSA value does not exist, create it as a DWORD (32-bit) value.
    4. Set DisableCapiOverrideForRSA to 0.
    5. Restart the machine.

    Important notes:

    • This mitigation is explicitly documented as temporary and is planned to be removed in Windows updates released in April 2026.
    • Editing the registry incorrectly can cause system issues; back up the registry or create a system restore point before making changes.
    • The setting is not created by default and must be added on each affected device.

    After applying this registry change and rebooting, the cryptography behavior reverts in a way that allows FileIntegrity.MarkAsTrusted to succeed again for dynamically compiled assemblies, which should unblock the CSharpCodeGenerator/CodeDom compilation scenario on Windows 11 Enterprise 23H2.

    If the issue persists even after setting DisableCapiOverrideForRSA to 0 and rebooting, ensure that all latest cumulative updates for Windows 11 23H2 are installed, as Microsoft continues to refine the behavior in subsequent updates.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.