After creating a new setup package I noticed my certificate signing wasn't working. I kept getting error while running the same signing command I always had.
sign -s "My" -sha1 $CERTIFICATE_THUMBPRINT -tr http://timestamp.comodoca.com/rfc3161 -v App.exe
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2146869243/0x80096005)
A bit of troubleshooting later and I narrowed my problem to the timestamping server as removing
/tr option made it work as usually (albeit without the timestamping portion). There were some certificate changes for the timestamp server but I don't believe this was the issue as the new certificate was ok and I remember their server occasionally not working for days even before this.
And then I remembered what I did the last time Comodo's timestamp server crapped out. Quite often you can use other, more reliable, timestamp server. In my case I went with
sign -s "My" -sha1 $CERTIFICATE_THUMBPRINT -tr http://timestamp.digicert.com -v App.exe
Successfully signed: App.exe
PS: This same error might happen due to servers refusing SHA-1.