?
Solved

Cryptographic service provider

Posted on 2007-07-20
28
Medium Priority
?
4,364 Views
Last Modified: 2012-08-13
Hello all,

I've a question about an error message I have.

I work at the central organization of all dutch notary's and we deliver certificates for all member offices to get entry to our secured intranet. But there is 1 computer where I can't import the certificate.
I've got the error message "cryptographic service provider needed". There is a rootcertificate installed but when I try the certificate of the particular office. I get the error message.

Does anybody know what might be the problem?

Thnx in advance
0
Comment
Question by:RLengkeek
  • 14
  • 11
  • 2
  • +1
28 Comments
 
LVL 31

Expert Comment

by:merowinger
ID: 19529604
is the service CertPropSvc started on this pc?
0
 

Author Comment

by:RLengkeek
ID: 19529778
By the way. The computer runs on W2k prof.

When I look on my own computer where I can import certificates and I see trough the tasklist /svc that certpropsvc isn't in the list.

Can you tell me where I should start the service?

In de servicelist (services.msc) can't I find it.
I see another servicie which is related to cryptographic services but when I stop the service and try to import the certificate it won't give and error message. So the problem is not related to that service.

But again, maybe if it's possible for you to tell me where I can start (and stop) the certpropsvc I can isolate the problem.

Thnx
0
 
LVL 31

Expert Comment

by:merowinger
ID: 19529819
Foget the service! :)

Do the user on the pc has a mandatory profile?
U see this if on the user profile on the server is a ntuser.man file!

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:RLengkeek
ID: 19529847
In her profile isn't a ntuser.man file. Only ntuser.dat
You thought the problem she have is related to a mandatory profile?
Anyway, above is not the case.
I really wondering what It could be.
Thnx for your help so far.
I am looking forward to another id from your side.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19529854
The service mentioned is 'Certificate Propagation' in the services mmc.
But that's not the one you need. This is only for smartcards.
And tasklist /svc only shows the services used per process. This will not show all running services. Lots of services are running under svchost. Just use services.msc.
The service needed is "Cryptographic Services".
If that's running then the problem could be that the correct cryptographic provider for the encryption used by the certificate does not exist. Especially under Windows 2000.

J.
0
 

Author Comment

by:RLengkeek
ID: 19529944
The strange thing is that the service "cryptographic services" isn't in the list when I look in services.msc
And her collegue has the same configuration and use the same certificate and she also doesn't have the cryptographic services in het services list. So I don't think it is related to that service.

I've stopped the service on my pc and successfully imported the certificate.
More suggestions/ideas are very welcome
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19530825
I'm more convinced that one is the cryptographic service providers is missing or not installed. Windows 2000 does not have them all.
Do you have more detail from the error message?
Does this happen when importing the certificate using certmgr.msc?
Anything in the event log?

J.
0
 

Author Comment

by:RLengkeek
ID: 19530993
I import the certificate by double clicking the certificate and then follow the wizard. The error message wich comes up then is "cryptographic service provider needed". The rootcertifcate is installed.
0
 

Author Comment

by:RLengkeek
ID: 19531022
Is it an idea to use the scannow /sfc command to check if there are any windowsfiles missing?
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19531023
Is this error message a translation from Dutch?
If yes, please post the original Dutch one.
And realy nothing in the event log?

J.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19531042
scannow has never hurt anyone ;-)
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19531057
and it's: sfc /scannow

J.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19531074
Sorry, bit to quick today.
sfc /verifyonly
has never hurt anyone. First do only the check so that you know what it finds, before repairing.

J.
0
 

Author Comment

by:RLengkeek
ID: 19531080
Oh, I knew that. :)

anyway here is the error message:

"Er is een interne fout opgetreden. Voor de persoonlijke sleutel die u importeert, is mogelijk een cryptografieprovider vereist die niet op het systeem is geïnstalleerd.".

0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19531431
OK. The correct translated English error message is - in exact MS wording:
"The private key that you are importing might require a cryptographic service provider that is not installed on your system".

This brings more solutions.
- Is the latest service pack installed on this Windows 2000? Which service pack is installed?
- Is the high encryption pack installed? You can check and download it via windows update
- What's the version of internet explorer installed? Use minimum v6

J.
0
 

Author Comment

by:RLengkeek
ID: 19531485
oh ok! I know that she uses IE6.
service pack don't know yet.
I will check for the high encryption pack
thnx
0
 

Author Comment

by:RLengkeek
ID: 19556547
Argh. I have to wait for tomorrow. Then I can call the office she works to ask which serverpack she has. The high encryption pack I found!. Is it safe to install that? or can I expect several problems?
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19556635
The high encryption pack just adds some encryption algorithms. I've never heard of any problems with it.
The only limitation is an export restriction to what the USA considers terrorist supporting countries.

J.
0
 

Author Comment

by:RLengkeek
ID: 19556668
I don't think Holland is a terrorist supporting country :)
Thnx so far.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19556710
Nope, not on the list. ;-)

J.
0
 

Author Comment

by:RLengkeek
ID: 19563313
Good morning,

I called the office this morning and she has service pack 1 installed. hahahaha
She propably need service pack 2 - 4 too?
You think that's the solution for this problem?
Is the high encryption pack included in one of those service packs?
0
 
LVL 18

Accepted Solution

by:
PowerIT earned 1000 total points
ID: 19563393
Wow, SP1? And that PC is working, lol.
She should go to SP4 immediatly. And for a lot more (security) reasons then only the above one.
http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/sp4nl.mspx
And as always: have a working backup first.

About high encryption, from the SP4 readme: "If you install SP4 over Windows 2000 Service Pack 1 (SP1) or an earlier release of Windows 2000, your computer will automatically be upgraded to 128-bit encryption to provide better online and local security and to bring your computer up to the current worldwide encryption standard. Beginning with Windows 2000 Service Pack 2 (SP2), 128-bit encryption is supported as the default, so if you previously installed SP2 or Windows 2000 Service Pack 3 (SP3), your computer has already been upgraded to this level of encryption. Furthermore, your computer retains 128-bit encryption even if you revert to Windows 2000 or SP1 unless you reformat your hard drive and complete a new installation of Windows 2000 or Windows 2000 with SP1."

En vergeet niet te vermelden aan al je vrienden dat een Vlaamse Belg je hierbij geholpen heeft. Grapje, vind ik toch ;-)))

J.
0
 

Author Comment

by:RLengkeek
ID: 19563747
I will make sure that she will run the update. I'll get back to you when the problem is fixed.
thnx for your help.

p.s. Ik heb d'r nu al goesting in om het te proberen! ;) (beste vriend is ook belg)

0
 

Author Comment

by:RLengkeek
ID: 19563796
hmmpf :(

She already has service pack 4.
Servicepack 1 mentioned earlier was from IE6.
Do you have any suggestions left?
0
 

Author Comment

by:RLengkeek
ID: 19600292
I close this call, we will re-install the pc and hope this solves the problem.
thnx for your effort.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19600336
OK, thx for the C  ;-)
0
 

Author Comment

by:RLengkeek
ID: 19638095
Hello,

I've found this article on the internet. I don't know if this article is on this site too but this helped me solve my problem. So If you have the same problem try this:

So, here is a solution that is not even in the Microsoft knowledge
base. It helped me and hopefully many others. It was found because I
new exactly when it started to happen: after uninstalling a software
program. The uninstall procedure removed to many registry keys...
HERE WE GO...
Important: this solution contains information about how to modify the
registry. Make sure to back up the registry before you modify it. Make
sure that you know how to restore the registry if a problem occurs.
View the following article in the Microsoft Knowledge Base for
information about how to back up, restore, and modify the registry:
http://support.microsoft.com/kb/256986/ 
Follow the next steps to solve this issue:
1. Close all running programs
2. Click on [Start] » Run
3. Type "Regedit" and click [OK]
4. Open the following folder:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\User Shell Folders
5. Now choose Edit » New » Expandable String Value
6. Enter "AppData" as a name
7. Double click the new entry
8. Enter "%USERPROFILE%\Application Data" in the value data field.
9. Close the registry editor
It is possible that additional registry keys are missing. Below is a
list of all keys that should exist in the "User Shell Folders". There
are different ways to add these keys again:
* Use the instructions provided on http://windowsxp.mvps.org/usershellfolders.htm 
* Add them manually by following the steps above
* Export the keys from a computer/user on which the issue does not
occur, and then importing them again.
To export and import:
1. Logon to Windows with a user account for which the issue does not
occur (this may also be a different workstation).
2. Click on [Start] » Run
3. Type "Regedit" and click [OK]
4. Open the following folder:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\User Shell Folders
5. Right click the "User Shell Folders" key on the left and choose
"Export". Specify a name and location of for the export file and click
[Save].
6. Close the registry editor
7. Logon to Windows with the user account that experiences this issue
8. Double click on the exported registry key you created in step 5.
9. Click [Yes] when asked if you are sure to add the information, then
click [OK] for the "successfully imported" message.
Registry keys that should exist in the "User Shell Folders" key.
The list below has the format "Key Name - Value Data". The type for
all keys is "Expandable String Value" (REG_EXPAND_SZ).
* AppData - %USERPROFILE%\Application Data
* Cache - %USERPROFILE%\Local Settings\Temporary Internet Files
* Cookies - %USERPROFILE%\Cookies
* Desktop - %USERPROFILE%\Desktop
* Favorites - %USERPROFILE%\Favorites
* History - %USERPROFILE%\Local Settings\History
* Local AppData - %USERPROFILE%\Local Settings\Application Data
* Local Settings - %USERPROFILE%\Local Settings
* My Pictures - %USERPROFILE%\My Documents\My Pictures
* NetHood - %USERPROFILE%\NetHood
* Personal - %USERPROFILE%\My Documents\
* PrintHood - %USERPROFILE%\PrintHood
* Programs - %USERPROFILE%\Start Menu\Programs
* SendTo - %USERPROFILE%\SendTo
* Start Menu - %USERPROFILE%\Start Menu
* Startup - %USERPROFILE%\Start Menu\Programs\Startup
* Templates - %USERPROFILE%\Templates
MORE INFORMATION
The "User Shell Folder" is a subkey of the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
registry. Entries in this subkey can also appear in the "Shell
Folders" subkey and in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER.
The entries that appear in user User Shell Folders take precedence
over those in Shell Folders. The entries that appear in
HKEY_CURRENT_USER take precedence over those in HKEY_LOCAL_MACHINE.
0
 
LVL 1

Expert Comment

by:Jason Thomas
ID: 20359794
Just wanted to say thank you to RLengkeek. I've had the issue here with 70 users for the past 5 days and have been unable to resolve the issue. This fix you mention above sorted out the problem in minutes.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension . This reminded me of questions that come up here at EE along the lines of, "How can I tell the type of file from its cont…
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question