Cryptographic service provider

Hello all,

I've a question about an error message I have.

I work at the central organization of all dutch notary's and we deliver certificates for all member offices to get entry to our secured intranet. But there is 1 computer where I can't import the certificate.
I've got the error message "cryptographic service provider needed". There is a rootcertificate installed but when I try the certificate of the particular office. I get the error message.

Does anybody know what might be the problem?

Thnx in advance
RLengkeekAsked:
Who is Participating?
 
PowerITCommented:
Wow, SP1? And that PC is working, lol.
She should go to SP4 immediatly. And for a lot more (security) reasons then only the above one.
http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/sp4nl.mspx
And as always: have a working backup first.

About high encryption, from the SP4 readme: "If you install SP4 over Windows 2000 Service Pack 1 (SP1) or an earlier release of Windows 2000, your computer will automatically be upgraded to 128-bit encryption to provide better online and local security and to bring your computer up to the current worldwide encryption standard. Beginning with Windows 2000 Service Pack 2 (SP2), 128-bit encryption is supported as the default, so if you previously installed SP2 or Windows 2000 Service Pack 3 (SP3), your computer has already been upgraded to this level of encryption. Furthermore, your computer retains 128-bit encryption even if you revert to Windows 2000 or SP1 unless you reformat your hard drive and complete a new installation of Windows 2000 or Windows 2000 with SP1."

En vergeet niet te vermelden aan al je vrienden dat een Vlaamse Belg je hierbij geholpen heeft. Grapje, vind ik toch ;-)))

J.
0
 
merowingerCommented:
is the service CertPropSvc started on this pc?
0
 
RLengkeekAuthor Commented:
By the way. The computer runs on W2k prof.

When I look on my own computer where I can import certificates and I see trough the tasklist /svc that certpropsvc isn't in the list.

Can you tell me where I should start the service?

In de servicelist (services.msc) can't I find it.
I see another servicie which is related to cryptographic services but when I stop the service and try to import the certificate it won't give and error message. So the problem is not related to that service.

But again, maybe if it's possible for you to tell me where I can start (and stop) the certpropsvc I can isolate the problem.

Thnx
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
merowingerCommented:
Foget the service! :)

Do the user on the pc has a mandatory profile?
U see this if on the user profile on the server is a ntuser.man file!

0
 
RLengkeekAuthor Commented:
In her profile isn't a ntuser.man file. Only ntuser.dat
You thought the problem she have is related to a mandatory profile?
Anyway, above is not the case.
I really wondering what It could be.
Thnx for your help so far.
I am looking forward to another id from your side.
0
 
PowerITCommented:
The service mentioned is 'Certificate Propagation' in the services mmc.
But that's not the one you need. This is only for smartcards.
And tasklist /svc only shows the services used per process. This will not show all running services. Lots of services are running under svchost. Just use services.msc.
The service needed is "Cryptographic Services".
If that's running then the problem could be that the correct cryptographic provider for the encryption used by the certificate does not exist. Especially under Windows 2000.

J.
0
 
RLengkeekAuthor Commented:
The strange thing is that the service "cryptographic services" isn't in the list when I look in services.msc
And her collegue has the same configuration and use the same certificate and she also doesn't have the cryptographic services in het services list. So I don't think it is related to that service.

I've stopped the service on my pc and successfully imported the certificate.
More suggestions/ideas are very welcome
0
 
PowerITCommented:
I'm more convinced that one is the cryptographic service providers is missing or not installed. Windows 2000 does not have them all.
Do you have more detail from the error message?
Does this happen when importing the certificate using certmgr.msc?
Anything in the event log?

J.
0
 
RLengkeekAuthor Commented:
I import the certificate by double clicking the certificate and then follow the wizard. The error message wich comes up then is "cryptographic service provider needed". The rootcertifcate is installed.
0
 
RLengkeekAuthor Commented:
Is it an idea to use the scannow /sfc command to check if there are any windowsfiles missing?
0
 
PowerITCommented:
Is this error message a translation from Dutch?
If yes, please post the original Dutch one.
And realy nothing in the event log?

J.
0
 
PowerITCommented:
scannow has never hurt anyone ;-)
0
 
PowerITCommented:
and it's: sfc /scannow

J.
0
 
PowerITCommented:
Sorry, bit to quick today.
sfc /verifyonly
has never hurt anyone. First do only the check so that you know what it finds, before repairing.

J.
0
 
RLengkeekAuthor Commented:
Oh, I knew that. :)

anyway here is the error message:

"Er is een interne fout opgetreden. Voor de persoonlijke sleutel die u importeert, is mogelijk een cryptografieprovider vereist die niet op het systeem is geïnstalleerd.".

0
 
PowerITCommented:
OK. The correct translated English error message is - in exact MS wording:
"The private key that you are importing might require a cryptographic service provider that is not installed on your system".

This brings more solutions.
- Is the latest service pack installed on this Windows 2000? Which service pack is installed?
- Is the high encryption pack installed? You can check and download it via windows update
- What's the version of internet explorer installed? Use minimum v6

J.
0
 
RLengkeekAuthor Commented:
oh ok! I know that she uses IE6.
service pack don't know yet.
I will check for the high encryption pack
thnx
0
 
RLengkeekAuthor Commented:
Argh. I have to wait for tomorrow. Then I can call the office she works to ask which serverpack she has. The high encryption pack I found!. Is it safe to install that? or can I expect several problems?
0
 
PowerITCommented:
The high encryption pack just adds some encryption algorithms. I've never heard of any problems with it.
The only limitation is an export restriction to what the USA considers terrorist supporting countries.

J.
0
 
RLengkeekAuthor Commented:
I don't think Holland is a terrorist supporting country :)
Thnx so far.
0
 
PowerITCommented:
Nope, not on the list. ;-)

J.
0
 
RLengkeekAuthor Commented:
Good morning,

I called the office this morning and she has service pack 1 installed. hahahaha
She propably need service pack 2 - 4 too?
You think that's the solution for this problem?
Is the high encryption pack included in one of those service packs?
0
 
RLengkeekAuthor Commented:
I will make sure that she will run the update. I'll get back to you when the problem is fixed.
thnx for your help.

p.s. Ik heb d'r nu al goesting in om het te proberen! ;) (beste vriend is ook belg)

0
 
RLengkeekAuthor Commented:
hmmpf :(

She already has service pack 4.
Servicepack 1 mentioned earlier was from IE6.
Do you have any suggestions left?
0
 
RLengkeekAuthor Commented:
I close this call, we will re-install the pc and hope this solves the problem.
thnx for your effort.
0
 
PowerITCommented:
OK, thx for the C  ;-)
0
 
RLengkeekAuthor Commented:
Hello,

I've found this article on the internet. I don't know if this article is on this site too but this helped me solve my problem. So If you have the same problem try this:

So, here is a solution that is not even in the Microsoft knowledge
base. It helped me and hopefully many others. It was found because I
new exactly when it started to happen: after uninstalling a software
program. The uninstall procedure removed to many registry keys...
HERE WE GO...
Important: this solution contains information about how to modify the
registry. Make sure to back up the registry before you modify it. Make
sure that you know how to restore the registry if a problem occurs.
View the following article in the Microsoft Knowledge Base for
information about how to back up, restore, and modify the registry:
http://support.microsoft.com/kb/256986/ 
Follow the next steps to solve this issue:
1. Close all running programs
2. Click on [Start] » Run
3. Type "Regedit" and click [OK]
4. Open the following folder:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\User Shell Folders
5. Now choose Edit » New » Expandable String Value
6. Enter "AppData" as a name
7. Double click the new entry
8. Enter "%USERPROFILE%\Application Data" in the value data field.
9. Close the registry editor
It is possible that additional registry keys are missing. Below is a
list of all keys that should exist in the "User Shell Folders". There
are different ways to add these keys again:
* Use the instructions provided on http://windowsxp.mvps.org/usershellfolders.htm 
* Add them manually by following the steps above
* Export the keys from a computer/user on which the issue does not
occur, and then importing them again.
To export and import:
1. Logon to Windows with a user account for which the issue does not
occur (this may also be a different workstation).
2. Click on [Start] » Run
3. Type "Regedit" and click [OK]
4. Open the following folder:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
\User Shell Folders
5. Right click the "User Shell Folders" key on the left and choose
"Export". Specify a name and location of for the export file and click
[Save].
6. Close the registry editor
7. Logon to Windows with the user account that experiences this issue
8. Double click on the exported registry key you created in step 5.
9. Click [Yes] when asked if you are sure to add the information, then
click [OK] for the "successfully imported" message.
Registry keys that should exist in the "User Shell Folders" key.
The list below has the format "Key Name - Value Data". The type for
all keys is "Expandable String Value" (REG_EXPAND_SZ).
* AppData - %USERPROFILE%\Application Data
* Cache - %USERPROFILE%\Local Settings\Temporary Internet Files
* Cookies - %USERPROFILE%\Cookies
* Desktop - %USERPROFILE%\Desktop
* Favorites - %USERPROFILE%\Favorites
* History - %USERPROFILE%\Local Settings\History
* Local AppData - %USERPROFILE%\Local Settings\Application Data
* Local Settings - %USERPROFILE%\Local Settings
* My Pictures - %USERPROFILE%\My Documents\My Pictures
* NetHood - %USERPROFILE%\NetHood
* Personal - %USERPROFILE%\My Documents\
* PrintHood - %USERPROFILE%\PrintHood
* Programs - %USERPROFILE%\Start Menu\Programs
* SendTo - %USERPROFILE%\SendTo
* Start Menu - %USERPROFILE%\Start Menu
* Startup - %USERPROFILE%\Start Menu\Programs\Startup
* Templates - %USERPROFILE%\Templates
MORE INFORMATION
The "User Shell Folder" is a subkey of the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
registry. Entries in this subkey can also appear in the "Shell
Folders" subkey and in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER.
The entries that appear in user User Shell Folders take precedence
over those in Shell Folders. The entries that appear in
HKEY_CURRENT_USER take precedence over those in HKEY_LOCAL_MACHINE.
0
 
Jason ThomasCommented:
Just wanted to say thank you to RLengkeek. I've had the issue here with 70 users for the past 5 days and have been unable to resolve the issue. This fix you mention above sorted out the problem in minutes.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.