C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder


Mayo, Bill

14 Feb 2022, 13:52:36
to ntsys...@googlegroups.com

I have discovered that files are accumulating in the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder at the rate of about one a minute. Googling shows this as an issue for many people, with the primary culprit identified as a bug in ESET and lots of suggestions to fix permissions. We do not have ESET. I did find a permissions problem and corrected it to match documentation (https://docs.microsoft.com/en-US/troubleshoot/windows-server/windows-security/default-permissions-machinekeys-folders). The files keep building. I tried monitoring the directory with ProcMon, but I am not getting any hits from that (possible I am doing something wrong there, but I don’t think so). Tried looking in Event Logs, but don’t see anything obvious there. This server is Windows Server 2016 and is running SQL Server.

 

Anybody have any ideas/pointers on what is going on, how I can pinpoint the source, or otherwise correct the issue?

 

Bill Mayo
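
One way to narrow down the source asked about above, added here as an example and not posted by anyone in the thread: profile the recently created key files by owner account and by creation cadence. The 24-hour window and the variable names are assumptions; run it from an elevated PowerShell prompt on the affected server.

```powershell
# Added example: profile new RSA key-container files in MachineKeys.
$path   = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
$window = (Get-Date).AddHours(-24)   # assumption: inspect the last 24 hours

$files = Get-ChildItem -LiteralPath $path -File -Force |
    Where-Object { $_.CreationTime -ge $window }

$rows = foreach ($f in $files) {
    # The owner is normally the account whose process created the file.
    # Some key files deny read access even to administrators, so trap that.
    $owner = try {
        (Get-Acl -LiteralPath $f.FullName -ErrorAction Stop).Owner
    } catch {
        '<access denied>'
    }
    [pscustomobject]@{
        Name    = $f.Name
        Created = $f.CreationTime
        Bytes   = $f.Length
        Owner   = $owner
    }
}

# 1. Which accounts own the new files? A service account here points at the culprit.
$rows | Group-Object Owner | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 2. Files created per hour, to see whether the rate follows application activity.
$rows | Group-Object { $_.Created.ToString('yyyy-MM-dd HH:00') } |
    Select-Object Name, Count | Format-Table -AutoSize

# 3. Gap in seconds between consecutive creations. A steady gap (for example
#    about 60 s) suggests a polling job or scheduled connection, not user activity.
$sorted = @($rows | Sort-Object Created)
$gaps = for ($i = 1; $i -lt $sorted.Count; $i++) {
    ($sorted[$i].Created - $sorted[$i - 1].Created).TotalSeconds
}
if ($gaps) { $gaps | Measure-Object -Average -Minimum -Maximum }
```

An owner of BUILTIN\Administrators only says the creating process ran with an administrator token; a named service or application-pool account is a much stronger lead.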

 

Kurt Buff

14 Feb 2022, 14:10:26
to ntsys...@googlegroups.com

This is very familiar sounding, so I searched on "machinekeys files accumulating".

I saw articles dating back to at least 2015 on this symptom:

And several others as well.

Possible things to check:
CA not responding to requests for certs
SSL Scanner dumping keys (unlikely, but possible)
An AV product other than ESET misfiring

Kurt

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/8a8bd219664b46daa5d68f9d7261235e%40pittcountync.gov.

Michael B. Smith

14 Feb 2022, 14:15:57
to ntsys...@googlegroups.com

ManageEngine, SolarWinds, VMware, many others have had this issue. It happens when a .NET certificate object isn’t properly disposed.

 

I think this may be a helpful article (the first comment, not the post itself): https://techcommunity.microsoft.com/t5/iis-support-blog/machinekeys-folder-fills-up-quickly/bc-p/2076851/highlight/true#M531

Mayo, Bill

14 Feb 2022, 14:36:16
to ntsys...@googlegroups.com

Kurt/Michael – thanks for the responses. I had seen the articles linked. AV involved here is Defender and I stopped it for a while, but files kept accumulating. I am not able to find any failed certificate requests. Based on Michael’s comment, I suspect something happening with the vendor application that hits this server. Is there any specific resource that would further explain the .NET issue that Michael indicates?

 

My main issue at the moment is that the directory continues to build, and I am trying to address that before cleanup.

Michael B. Smith

14 Feb 2022, 15:04:41
to ntsys...@googlegroups.com

Mayo, Bill

14 Feb 2022, 15:20:32
to ntsys...@googlegroups.com

Thanks, guys. I am going to check with the vendor to see if maybe it is their application.

Robert ECEO Townley

14 Feb 2022, 15:37:09
to ntsys...@googlegroups.com

OpenSSH service is off, I presume.

--
Two Rules to remember:
Do not blame older Windows versions when Win10 networking can be blamed. 
Do not blame IPv4 when you can blame IPv6.

Mayo, Bill

14 Feb 2022, 15:52:52
to ntsys...@googlegroups.com