SonarQube for Visual Studio plugin version: 10.2.0.16704
Programming language you’re coding in: C#
Is connected mode used: Unsure. I didn’t enable it, but it appears to be trying to use it
SonarQube Cloud, SonarQube Server, or SonarQube Community Build? (if one of the latter two, which version?):
And a thorough description of the problem / question:
When i open a solution Visual Studio, SonarQube is getting stuck in a loop and outputting this
[SLCore > Http] Server verification result: False
[SLCore] Failed to download artifact with key cpp
[SLCore > Http] Received server trust verification request…
[CertificateChainValidator] Certificate validation failed for the following reason(s):
[CertificateChainValidator] RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
[CertificateChainValidator] OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.
It leaves 0 time between retries and just keeps on doing it. The main issue is this appears to break the menu system in Visual Studio. You can click on a menu item and it closes a split second later. I had to close visual studio, re-open it without a solution
As some extra notes, I had to close visual studio, open it without a solution to disable SonarQube, to make it usable. When i re-enabled it to write this bug report, it appeared to be broken, not showing it’s menu entry in Extensions menu or in the Visual Studio options. I had to remove and re-add the extension to get the menu options again. Which also lead to the certificate revocation check looping, and any menu item in Visual Studio is again unusable.
Thank you I have generated and attached a verbose log.
I did have to redact a few things, but nothing important (hopefully).
There was a version update today, but the issue persists. Again, i am not bothered by the network traffic not working. It is more concerning how it leaves Visual Studio un-usable.
Same “bug” here, with VS 2026 v18.4.0
Infinity loop of message :
[SLCore > Http] Server verification result: False
[SLCore > Configuration Scope] Updated analysis readiness for Configuration Scope {NameOfCurrentVisualStudioSolution}: True
Updated analysis readiness: True
[SLCore] Failed to download artifact with key cpp
[SLCore > Http] Received server trust verification request…
[CertificateChainValidator] Certificate validation failed for the following reason(s):
[CertificateChainValidator] RevocationStatusUnknown: La fonction de révocation n’a pas pu vérifier la révocation du certificat.
In log file.
SLVS-2934 Tested.
Yes, it fix the lock of UI, now we can reuse VisualStudio again
We’ve recently made changes to our distribution package, which excluded C++ analyzer. It is now downloaded on demand at the runtime. However, it seems that your firewall is blocking the connection and the certificate we get is not trusted by the OS, hence why we fail and try to show the notification.
The problem is worsened by the fact that we have a bug which causes reconnection attempts to happen endlessly, causing the UI updates which starve the VS’ UI thread
We’re working on fixing the no. 2 issue, however you will still need to configure your firewall/certificates to be able to download the C++ analyzer if you want to use it.
I can confirm that is much better. The menu stays open. It also does not seem to be hammering the retry loop.
Not seen it retry yet, so don’t know if the menu stays open when it fails, but either way, Visual Studio is actually usable with this extension installed, so that is great.
thank you
Mike
(it won’t like me @ you, new users cannot do that.)
Hi. So turns out the proper fix is a bit more complicated. I’ve released version 10.2.2 that does the temporary fix. You don’t need to change to it if you already installed the fixed version from this thread, but if you do, remove the extension first manually - VS won’t let you downgrade from 10.3 to 10.2.2
Currently the list of analyzers to load is declared statically. Previously the analyzers were packaged inside the VSIX extension package, which sometimes led to issues with VS installer due to the large size. We recently moved C++ analyzer to a runtime download model, but the logic for ‘when’ to load it stayed the same. We should consider some more sophisticated logic to determine when to load it based on detected files, but I’m not sure how high it will be on the priority list tbh.
I have generated and attached a verbose log.