Good news first: the earlier "EXE not found" is gone, your build now produces the .exe, so we are past that. What is failing now is the Azure signing step itself, and the line in your log is the key:
Microsoft.Identity.Client.Extensions.Msal.MsalCachePersistenceException: Persistence check failed
That exception does not come from XLS Padlock. It comes from Microsoft's Azure signing components: the Trusted Signing (Azure Artifact Signing) tooling uses Azure.Identity and MSAL, and on startup MSAL runs a self-test to confirm it can store its token cache on the machine. On Windows it encrypts that cache with DPAPI under your user profile. When the self-test fails it throws "Persistence check failed" and the signing call stops, which is exactly why the two cmd windows open and then nothing more happens, even though az login succeeded and your certificate is active.
We have not seen this one reported before, which points to something specific to this machine's Azure and MSAL environment rather than a general XLS Padlock problem. These are the things that cause it, most effective first:
- Run the signing in the exact same Windows user session where az login succeeded. Do not start XLS Padlock elevated (Run as administrator) or as a different user, and avoid doing it over a remote-desktop or service context. DPAPI ties the cache to the user profile, so a context mismatch fails the check.
- Make sure %LOCALAPPDATA% is a normal local, writable path, not redirected to a network share or into OneDrive. MSAL keeps its cache under %LOCALAPPDATA%.IdentityService.
- Clear the stale credential cache and re-authenticate: run az logout, then az login again. If it persists, close XLS Padlock, delete the folder %LOCALAPPDATA%.IdentityService, and sign once more so it is recreated cleanly.
- Confirm the machine has the current Microsoft Visual C++ Redistributable (x64) and the .NET runtime the Azure tooling needs. A missing runtime can make the Azure signing step fail quietly.
Separately, it is worth being on XLS Padlock 2026.1 (released today), which improves Azure Artifact Signing support in general. It does not target this specific MSAL cache error, so treat it as good housekeeping rather than the fix here.
To help us narrow it down:
- How did you set up signing in XLS Padlock: the built-in Azure Artifact Signing option, or a custom SignTool command line pointing at the Azure dlib and a metadata.json?
- Are you signing from an ordinary desktop session on your own account, or over remote desktop, from an elevated prompt, or a service account?
- Your Windows version, and whether this machine is managed by a company IT policy.