|
Posted by jwgoerlich on September 6, 2007, 8:10 am
Please log in for more thread options Good to know that this can be solved by granting the lesser privilege,
thank you for the feedback.
J Wolfgang Goerlich
> Hi Wolfgang, your advice is insecure.
> I solved the problem by granting NETWORK SERVICE the same permissions on
Machinekeys folder as to SYSTEM.
> Citrix XTE service is run under the NETWORK SERVICE account and it was not
accepting SSL relayed connections. Now all is fine.
>
>
>
> > Try granting Everyone read access to the MachineKeys folder, in
> > addition to what you have already granted Administrators and System.
>
> > J Wolfgang Goerlich
>
> > Microsoft Article 278381, Default permissions for the MachineKeys
> > folders
> >http://support.microsoft.com/kb/278381
>
> >> Hello experts,
> >> I am having the following problem on two of my freshly reinstalled servers
Win2003 Standard SP1:
>
> >> Event Type: Error
> >> Event Source: Schannel
> >> Event Category: None
> >> Event ID: 36870
> >> Date: 9/3/2007
> >> Time: 5:24:45 PM
> >> User: N/A
> >> Computer: GUIS1
> >> Description:
> >> A fatal error occurred when attempting to access the SSL server credential
private key. The error code returned from the cryptographic module is 0x80090016.
>
> >> I have installed a corporate CA into Machine\Trusted Root, and a server SSL
certificate that is signed by the CorpCA, into Machine\Personal. They both look
valid in mmc snap-in, not expired. I also tried to remove-reinstall them to no
avail. I also tried to give Full Access to the Administrator and the SYSTEM on
All Users/Application Data/Microsoft/Crypto/RSA/MachinKeys.
>
> >> I ran certutil and it only shows some problematic Microsoft/Verisign
(expired) certs, not mine corporate.
> >> I cannot take server online to renew them.
>
> >> What next in troubleshooting chain?- Hide quoted text -
>
> - Show quoted text -
| 
XML Sitemap