How do I solve Event 513 CAPI2?

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
techcodrAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kyle SantosCustomer RelationsCommented:
Hi,

I am here to help you with your open question.  Do you still need help?  I have the ability to alert more experts if you still need help.

If you solved the problem on your own, would you please post the solution here in case others have the same problem?

If you need me to delete this question just say "Delete."

Thank you for using Experts Exchange.

Regards,

Kyle Santos
Customer Relations
0
techcodrAuthor Commented:
Yes, I could still use help. I have no answer.
0
Kyle SantosCustomer RelationsCommented:
Could you provide some context on what happened to get what you have posted?  
What is the problem you're trying to solve?
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

techcodrAuthor Commented:
I am trying to up with the solution to stop this error from occurring.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
techcodrAuthor Commented:
Seems the first link goes to the second link.

I could not start with the second link solution because accesschk.exe is not recognized as a command.

:\Windows\system32>accesschk.exe -c mslldp
'accesschk.exe' is not recognized as an internal or external command,
operable program or batch file.
0
Wes MillerIT  SupportCommented:
Yes the first link does as first gives details and the second one solution.
Accesschk.exe is a microsft sysinternals file, can be downloaded here:
https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk
0
techcodrAuthor Commented:
I could not exactly follow the instructions.
1. The Windows Server 2016 is 64 bits so I had to start with  accesschk64 -c mslldp (did not need the .exe)

2. I was not exactly clear where to put the (A;;CCLCSWLOCRRC;;;SU)
Given:
accesschk.exe -c mslldp
mslldp
  RW NT AUTHORITY\SYSTEM
  RW BUILTIN\Administrators
  RW S-1-5-32-549       <- these are server operators
  R  NT SERVICE\NlaSvc

1. Run: SC sdshow MSLLDP
You'll get something like below (SDDL language is documented on MSDN):
 
D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Four items listed in accesschk.exe -c mslldp but the divisions were more in SC sdshow MSLLDP using () to separate items.
D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)
(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Looks like four lines and some sort of closer.  Seems the (A;;CCLCSWLOCRRC;;;SU) should be before (A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD).

But the link says put in the middle of the last line.
(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
That looks wrong.

Link says Take NT AUTHORITY\ SERVICE entry, which is (A;;CCLCSWLOCRRC;;;SU) and add it to the original MSLLDP security descriptor properly, right before the last S:(AU... group.  But did not get an S:

I decided to put the (A;;CCLCSWLOCRRC;;;SU) in front of the last line.
Which seemed to work.

C:\>accesschk64 -c mslldp

Accesschk v6.12 - Reports effective permissions for securable objects
Copyright (C) 2006-2017 Mark Russinovich
Sysinternals - www.sysinternals.com

mslldp
  RW NT AUTHORITY\SYSTEM
  RW BUILTIN\Administrators
  R  BUILTIN\Server Operators
  R  NT AUTHORITY\SERVICE
  R  NT SERVICE\NlaSvc
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.