Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.
Windows 2012 ASP.NET Event Error 1334
Windows 2012 R2 Standard
ASP.NET
IIS 8.5
This error pops up from time to time
Log Name: Application
Source: ASP.NET 2.0.50727.0
Date: 7/5/2015 6:11:01 AM
Event ID: 1334
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SERV013.FQDN.com
Description:
An unhandled exception occurred and the process was terminated.
Application ID: DefaultDomain
Process ID: 8732
Exception: System.Security.Cryptograp
Message: Keyset does not exist
StackTrace: at System.Security.Cryptograp
at System.Security.Cryptograp
at System.Security.Cryptograp
at System.Runtime.InteropServ
at System.Runtime.InteropServ
at System.Runtime.InteropServ
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ASP.NET 2.0.50727.0" />
<EventID Qualifiers="49152">1334</E
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2015-07-05T10:
<EventRecordID>29051</Even
<Channel>Application</Chan
<Computer>SERV013.FQDN.com
<Security />
</System>
<EventData>
<Data>An unhandled exception occurred and the process was terminated.
Application ID: DefaultDomain
Process ID: 8732
Exception: System.Security.Cryptograp
Message: Keyset does not exist
StackTrace: at System.Security.Cryptograp
at System.Security.Cryptograp
at System.Security.Cryptograp
at System.Runtime.InteropServ
at System.Runtime.InteropServ
at System.Runtime.InteropServ
</EventData>
</Event>
Reported this a while back so I am opening it again.
I found this
https://msdn.microsoft.com/en-us/library/aa702621.aspx
How to retrieve thumb Print
https://msdn.microsoft.com/en-us/library/ms734695.aspx
User.FindPrivateKey My CurrentUser -n "CN=localhost" -a
findprivatekey.exe My CurrentUser -t "46 dd 0e 7a ed 0b 7a 31 9b 02 a3 a0 43 7a d8 3f 60 40 92 9d" -a
cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\
It took me awhile to find "FindPrivateKey.EXE" but I now have it if anyone needs it you can find it here
http://blog.rhysgoodwin.com/windows-admin/findprivatekey-exe-pre-compiled/
so I ran the one above
C:\Util>findprivatekey My currentuser -n "CN=localhost" -a
FindPrivateKey failed for the following reason:
No certificates with key 'CN=localhost' found in the store.
Use /? option for help
I need to find which thumb pint it is so I can issue the cacls command
Also the path in the cacls is not correct for Windows 2012 Server after research I found the location of the machinekeys
C:\ProgramData\Microsoft\C
I found another article that said to give administrators and system full control
I tried that and I received access denied on the machinekeys
So my questions are this
1. how to use the findprivtekey.exe properly to obtain the thumb print then the cacls command should work?
2. Why can't I add permissions to the folder "C:\ProgramData\Microsoft\
Thanks
Tom
ASP.NET
IIS 8.5
This error pops up from time to time
Log Name: Application
Source: ASP.NET 2.0.50727.0
Date: 7/5/2015 6:11:01 AM
Event ID: 1334
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SERV013.FQDN.com
Description:
An unhandled exception occurred and the process was terminated.
Application ID: DefaultDomain
Process ID: 8732
Exception: System.Security.Cryptograp
Message: Keyset does not exist
StackTrace: at System.Security.Cryptograp
at System.Security.Cryptograp
at System.Security.Cryptograp
at System.Runtime.InteropServ
at System.Runtime.InteropServ
at System.Runtime.InteropServ
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ASP.NET 2.0.50727.0" />
<EventID Qualifiers="49152">1334</E
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2015-07-05T10:
<EventRecordID>29051</Even
<Channel>Application</Chan
<Computer>SERV013.FQDN.com
<Security />
</System>
<EventData>
<Data>An unhandled exception occurred and the process was terminated.
Application ID: DefaultDomain
Process ID: 8732
Exception: System.Security.Cryptograp
Message: Keyset does not exist
StackTrace: at System.Security.Cryptograp
at System.Security.Cryptograp
at System.Security.Cryptograp
at System.Runtime.InteropServ
at System.Runtime.InteropServ
at System.Runtime.InteropServ
</EventData>
</Event>
Reported this a while back so I am opening it again.
I found this
https://msdn.microsoft.com/en-us/library/aa702621.aspx
How to retrieve thumb Print
https://msdn.microsoft.com/en-us/library/ms734695.aspx
User.FindPrivateKey My CurrentUser -n "CN=localhost" -a
findprivatekey.exe My CurrentUser -t "46 dd 0e 7a ed 0b 7a 31 9b 02 a3 a0 43 7a d8 3f 60 40 92 9d" -a
cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\
It took me awhile to find "FindPrivateKey.EXE" but I now have it if anyone needs it you can find it here
http://blog.rhysgoodwin.com/windows-admin/findprivatekey-exe-pre-compiled/
so I ran the one above
C:\Util>findprivatekey My currentuser -n "CN=localhost" -a
FindPrivateKey failed for the following reason:
No certificates with key 'CN=localhost' found in the store.
Use /? option for help
I need to find which thumb pint it is so I can issue the cacls command
Also the path in the cacls is not correct for Windows 2012 Server after research I found the location of the machinekeys
C:\ProgramData\Microsoft\C
I found another article that said to give administrators and system full control
I tried that and I received access denied on the machinekeys
So my questions are this
1. how to use the findprivtekey.exe properly to obtain the thumb print then the cacls command should work?
2. Why can't I add permissions to the folder "C:\ProgramData\Microsoft\
Thanks
Tom
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Try this.
Do download it from Web Services Enhancements (WSE) 3.0 for Microsoft .NET for the tools as the previous link is the runtime (missed that out, pardon me).
Note: WSE 3.0 is not supported if installed on a computer with a version of the .NET Framework earlier than 2.0 or a version of Visual Studio earlier than Visual Studio 2005.
https://www.microsoft.com/en-us/download/details.aspx?id=14089
There is step (1) and (2) as in the first link you shared in the post. This is important to make sure the account of the WCF services executing and the identified account certstore hold the cert and has the corresponding private keyset. It should be a SSL binding done in WCF - see "Configure SSL Certificate for WCF Service"
http://dotnetmentors.com/wcf/configure-iis-for-wcf-service-with-ssl-and-transport-secuirty.aspx
You are running the tool finding a certificate with subject name as "localhost" which I does not exist. Does the currentuser has those certificate in the certstore
http://www.itsolutionbraindumps.com/2011/02/finding-private-key-for-your.html
For the machinekey portion, it is to provide access to the account trying to access it
http://dotnetmentors.com/wcf/configure-iis-for-wcf-service-with-ssl-and-transport-secuirty.aspx
You are running the tool finding a certificate with subject name as "localhost" which I does not exist. Does the currentuser has those certificate in the certstore
Start MMC and add the Certificate Snap-in, selecting the right container owner for your SSL certificate. Find the certificate (it's probably in the personal store), right click on it and choose All Tasks > Manage Private key. Grant read access to the private key to the user hosting your service.pse also see the steps though it stated as "CN=yourservername.domain.
http://www.itsolutionbraindumps.com/2011/02/finding-private-key-for-your.html
For the machinekey portion, it is to provide access to the account trying to access it
....https://cedricboudoya.wordpress.com/2008/10/16/wcf-certificate-%E2%80%93-keyset-does-not-exist-%E2%80%93-part-2/
4.You’re going to add your ASP.NET Machine Account or IUSR_<AccountName> account and give it full permission. Click the "Add.." button. Then click "OK".
5.The ASP.NET Machine Account or IUSR account is now listed. Select it and then check the "Full Control" or “Modify” checkbox (causing all the other Allow checkboxes to be selected). Then click "Apply".
Randy
Thanks for responding
I already have that tool
Any way without reviewing every certificate to find what I am looking for I by this error above?
The error is not very helpful to me not sure what to look for.
Thanks for responding
I already have that tool
Any way without reviewing every certificate to find what I am looking for I by this error above?
The error is not very helpful to me not sure what to look for.
Guys
Still struggling with FindPrivatekey and also found this certutil see below
C:\Util>findprivatekey my currentuser -n "cn=domain\administrator" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=our\administrator' found in the store.
Use /? option for help
C:\Util>findprivatekey my currentuser -n "cn=administrator" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=administrator' found in the store.
Use /? option for help
C:\Util>findprivatekey my localmachine -n "cn=serv013" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=serv013' found in the store.
Use /? option for help
C:\Util>findprivatekey my localmachine -n "cn=serv013.fqdn.com" -
a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=serv013.fqdn.com' found in the store
.
Use /? option for help
C:\Util>findprivatekey my currentuser -n "cn=administrator.fqdn.com
FindPrivateKey failed for the following reason:
No certificates with key 'cn=administrator.fqdn.com
store.
Use /? option for help
C:\Util>
C:\Util>certutil -verifykeys
CertUtil: No local Certification Authority; use -config option
CertUtil: No more data is available.
C:\Util>certutil -getreg ca\cacerthash
CertUtil: -getreg command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.
C:\Util>
What am I missing here
Thanks
Still struggling with FindPrivatekey and also found this certutil see below
C:\Util>findprivatekey my currentuser -n "cn=domain\administrator" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=our\administrator' found in the store.
Use /? option for help
C:\Util>findprivatekey my currentuser -n "cn=administrator" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=administrator' found in the store.
Use /? option for help
C:\Util>findprivatekey my localmachine -n "cn=serv013" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=serv013' found in the store.
Use /? option for help
C:\Util>findprivatekey my localmachine -n "cn=serv013.fqdn.com" -
a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=serv013.fqdn.com' found in the store
.
Use /? option for help
C:\Util>findprivatekey my currentuser -n "cn=administrator.fqdn.com
FindPrivateKey failed for the following reason:
No certificates with key 'cn=administrator.fqdn.com
store.
Use /? option for help
C:\Util>
C:\Util>certutil -verifykeys
CertUtil: No local Certification Authority; use -config option
CertUtil: No more data is available.
C:\Util>certutil -getreg ca\cacerthash
CertUtil: -getreg command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.
C:\Util>
What am I missing here
Thanks
Did you see this?
The following command retrieves the private key for John Doe.
FindPrivateKey My CurrentUser -n "CN=John Doe"
The following command retrieves the private key for the local machine.
FindPrivateKey My LocalMachine -t "03 33 98 63 d0 47 e7 48 71 33 62 64 76 5c 4c 9d 42 1d 6b 52" –a
/t < thumbprint >
Specifies the thumbprint of the certificate. Use Certmgr.exe to retrieve the thumbprint of the certificate.
Randy
Yes I tried that
C:\Util>findprivatekey my currentuser -n "cn=domain\administrator" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=our\administrator' found in the store.
but the one with the thumb print is the one that I can not figure out.
First the error message does not tell me what certificate the problem is with.
In the message how can I tell which certificate is the problem?
Yes I tried that
C:\Util>findprivatekey my currentuser -n "cn=domain\administrator" -a
FindPrivateKey failed for the following reason:
No certificates with key 'cn=our\administrator' found in the store.
but the one with the thumb print is the one that I can not figure out.
First the error message does not tell me what certificate the problem is with.
In the message how can I tell which certificate is the problem?
Try this.
This tool can help you find the actual file location of you cert with the cert’s Thumbprint. To find the thumbprint, open Microsoft Management Console.
Add the Certificates snap-in
You should be able to find your cert somewhere
Right click it, select Open. Click on the Details tab in the Certificate dialog. You should be able to find the Thumbprint of your cert.
Now with the thumbprint, run the following command in command line prompt. Note that in the example, I tried to retrieve the cert’s for the local machine. See this page for more details on this tool.
>FindPrivateKey my localmachine -t ” THUMBPRINT “
It will return the folder and name of your cert!
Premium Content
You need an Expert Office subscription to comment.Start Free Trial