Avatar of Member_2_6492660_1
Member_2_6492660_1
Flag for United States of America asked on

Windows 2012 ASP.NET Event Error 1334

Windows 2012 R2 Standard
ASP.NET
IIS 8.5

This error pops up from time to time

Log Name:      Application
Source:        ASP.NET 2.0.50727.0
Date:          7/5/2015 6:11:01 AM
Event ID:      1334
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
An unhandled exception occurred and the process was terminated.

Application ID: DefaultDomain

Process ID: 8732

Exception: System.Security.Cryptography.CryptographicException

Message: Keyset does not exist


StackTrace:    at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.SafeKeyHandle._FreeHKey(IntPtr pKeyCtx)
   at System.Security.Cryptography.SafeKeyHandle.ReleaseHandle()
   at System.Runtime.InteropServices.SafeHandle.InternalFinalize()
   at System.Runtime.InteropServices.SafeHandle.Dispose(Boolean disposing)
   at System.Runtime.InteropServices.SafeHandle.Finalize()
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ASP.NET 2.0.50727.0" />
    <EventID Qualifiers="49152">1334</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-05T10:11:01.000000000Z" />
    <EventRecordID>29051</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>An unhandled exception occurred and the process was terminated.

Application ID: DefaultDomain

Process ID: 8732

Exception: System.Security.Cryptography.CryptographicException

Message: Keyset does not exist


StackTrace:    at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.SafeKeyHandle._FreeHKey(IntPtr pKeyCtx)
   at System.Security.Cryptography.SafeKeyHandle.ReleaseHandle()
   at System.Runtime.InteropServices.SafeHandle.InternalFinalize()
   at System.Runtime.InteropServices.SafeHandle.Dispose(Boolean disposing)
   at System.Runtime.InteropServices.SafeHandle.Finalize()</Data>
  </EventData>
</Event>

Reported this a while back so I am opening it again.

I found this
https://msdn.microsoft.com/en-us/library/aa702621.aspx


How to retrieve thumb Print
https://msdn.microsoft.com/en-us/library/ms734695.aspx
User.FindPrivateKey My CurrentUser -n "CN=localhost" -a
findprivatekey.exe My CurrentUser -t "46 dd 0e 7a ed 0b 7a 31 9b 02 a3 a0 43 7a d8 3f 60 40 92 9d" -a

cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8aeda5eb81555f14f8f9960745b5a40d_38f7de48-5ee9-452d-8a5a-92789d7110b1" /E /G "NETWORK SERVICE":R

It took me awhile to find "FindPrivateKey.EXE" but I now have it if anyone needs it you can find it here
http://blog.rhysgoodwin.com/windows-admin/findprivatekey-exe-pre-compiled/

so I ran the one above
C:\Util>findprivatekey My currentuser -n "CN=localhost" -a
FindPrivateKey failed for the following reason:
No certificates with key 'CN=localhost' found in the store.

Use /? option for help


I need to find which thumb pint it is so I can issue the cacls command

Also the path in the cacls is not correct for Windows 2012 Server after research I found the location of the machinekeys

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

I found another article that said to give administrators and system full control

I tried that and I received access denied on the machinekeys


So my questions are this

1. how to use the findprivtekey.exe properly to obtain the thumb print then the cacls command should work?

2.  Why can't I add permissions to the folder "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" access denied




Thanks

Tom
Windows Server 2012ASP.NET

Avatar of undefined
Last Comment
btan

8/22/2022 - Mon
Randy Downs

Try this.

Do download it from Web Services Enhancements (WSE) 3.0 for Microsoft .NET for the tools as the previous link is the runtime (missed that out, pardon me).
Note: WSE 3.0 is not supported if installed on a computer with a version of the .NET Framework earlier than 2.0 or a version of Visual Studio earlier than Visual Studio 2005.
https://www.microsoft.com/en-us/download/details.aspx?id=14089
SOLUTION
btan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Member_2_6492660_1

ASKER
Randy

Thanks for responding
I already have that tool

Any way without reviewing every certificate to find what I am looking for I by this error above?

The error is not very helpful to me not sure what to look for.
Member_2_6492660_1

ASKER
Btan

thanks for responding

I will look at those items shortly.

Will post results
Your help has saved me hundreds of hours of internet surfing.
fblack61
Member_2_6492660_1

ASKER
Guys

Still struggling with FindPrivatekey and also found this certutil   see below

C:\Util>findprivatekey my currentuser -n "cn=domain\administrator" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=our\administrator' found in the store.

Use /? option for help

C:\Util>findprivatekey my currentuser -n "cn=administrator" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=administrator' found in the store.

Use /? option for help

C:\Util>findprivatekey my localmachine -n "cn=serv013" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=serv013' found in the store.

Use /? option for help

C:\Util>findprivatekey my localmachine -n "cn=serv013.fqdn.com" -
a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=serv013.fqdn.com' found in the store
.

Use /? option for help

C:\Util>findprivatekey my currentuser -n "cn=administrator.fqdn.com" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=administrator.fqdn.com' found in the
 store.

Use /? option for help

C:\Util>



C:\Util>certutil -verifykeys
CertUtil: No local Certification Authority; use -config option
CertUtil: No more data is available.

C:\Util>certutil -getreg ca\cacerthash
CertUtil: -getreg command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.

C:\Util>


What am I missing here

Thanks
Randy Downs

Did you see this?

The following command retrieves the private key for John Doe.
FindPrivateKey My CurrentUser -n "CN=John Doe"

The following command retrieves the private key for the local machine.
FindPrivateKey My LocalMachine -t "03 33 98 63 d0 47 e7 48 71 33 62 64 76 5c 4c 9d 42 1d 6b 52" –a

/t < thumbprint >
Specifies the thumbprint of the certificate. Use Certmgr.exe to retrieve the thumbprint of the certificate.
Member_2_6492660_1

ASKER
Randy

Yes I tried that
C:\Util>findprivatekey my currentuser -n "cn=domain\administrator" -a
 FindPrivateKey failed for the following reason:
 No certificates with key 'cn=our\administrator' found in the store.


but the one with the thumb print is the one that I can not figure out.

First the error message does not tell me what certificate the problem is with.

In the message how can I tell which certificate is the problem?
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
Randy Downs

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Member_2_6492660_1

ASKER
Guys

I believe I found the correct certification and made the changes

Lets see if we get this error again

Thanks for all your help
btan

thanks for sharing - I believe you found via the MMC snap-in as I shared in the first post, if possible do share your findings to benefit more in EE at large.