BTW, and using this as "main" SHA-2 timestamp server for dual SHA-1/SHA-2 signing:

http://timestamp.comodoca.com/rfc3161

and these pragmas in the script:

#pragma CODESIGN_SHA = "12"
#pragma CODESIGN_TSSHA1URL = "http://timestamp.comodoca.com/authenticode"

creates a perfectly valid (dual) SHA-1 signature including Comodo SHA-1 timestamp and SHA-2 signature including SHA-2 timestamp.

Tested on Windows 10 with the latest SignTool.exe version 10.

Friedrich