Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36870
Date: 9/3/2007
Time: 5:24:45 PM
User: N/A
Computer: GUIS1
Description:
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.
I have installed a corporate CA into Machine\Trusted Root, and a server SSL certificate that is signed by the CorpCA, into Machine\Personal. They both look valid in mmc snap-in, not expired. I also tried to remove-reinstall them to no avail. I also tried to give Full Access to the Administrator and the SYSTEM on All Users/Application Data/Microsoft/Crypto/RSA/MachinKeys.
I ran certutil and it only shows some problematic Microsoft/Verisign (expired) certs, not mine corporate.
I cannot take server online to renew them.
What next in troubleshooting chain?
J Wolfgang Goerlich
Microsoft Article 278381, Default permissions for the MachineKeys
folders
http://support.microsoft.com/kb/278381
<jwgoe...@gmail.com> wrote in message news:1189004784.7...@y42g2000hsy.googlegroups.com...
J Wolfgang Goerlich
On Sep 6, 3:34 am, "CanSpam" <cans...@stopspam.org> wrote:
> Hi Wolfgang, your advice is insecure.
> I solved the problem by granting NETWORK SERVICE the same permissions on Machinekeys folder as to SYSTEM.
> Citrix XTE service is run under the NETWORK SERVICE account and it was not accepting SSL relayed connections. Now all is fine.
>
>
>
> <jwgoerl...@gmail.com> wrote in messagenews:1189004784.7...@y42g2000hsy.googlegroups.com...
> > Try granting Everyone read access to the MachineKeys folder, in
> > addition to what you have already granted Administrators and System.
>
> > J Wolfgang Goerlich
>
> > Microsoft Article 278381, Default permissions for the MachineKeys
> > folders
> >http://support.microsoft.com/kb/278381
>
> > On Sep 4, 9:26 am, "CanSpam" <cans...@stopspam.org> wrote:
> >> Hello experts,
> >> I am having the following problem on two of my freshly reinstalled servers Win2003 Standard SP1:
>
> >> Event Type: Error
> >> Event Source: Schannel
> >> Event Category: None
> >> Event ID: 36870
> >> Date: 9/3/2007
> >> Time: 5:24:45 PM
> >> User: N/A
> >> Computer: GUIS1
> >> Description:
> >> A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.
>
> >> I have installed a corporate CA into Machine\Trusted Root, and a server SSL certificate that is signed by the CorpCA, into Machine\Personal. They both look valid in mmc snap-in, not expired. I also tried to remove-reinstall them to no avail. I also tried to give Full Access to the Administrator and the SYSTEM on All Users/Application Data/Microsoft/Crypto/RSA/MachinKeys.
>
> >> I ran certutil and it only shows some problematic Microsoft/Verisign (expired) certs, not mine corporate.
> >> I cannot take server online to renew them.
>
> >> What next in troubleshooting chain?- Hide quoted text -
>
> - Show quoted text -