StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>:-)</p> <p>I have solved this issue in a couple of steps:</p> <p><strong>1)</strong> I changed the user of the <code>Default Application Pool</code> to my username ...</p> <p><a href="http://www1.ruedenet.is/files/ErrorFix1.png" rel="nofollow noreferrer">alt text http://www1.ruedenet.is/files/ErrorFix1.png</a></p> <p>... and that worked. I changed the user of the application pool back to <code>NETWORK SERVICE</code> and it didn't work again. This told me that the problem had something to do with the <code>NETWORK SERVICE</code> user. So I went back to looking for what could be the problem with the permissions of this user. </p> <p><strong>2)</strong> When browsing and reading the web I found Tim Jacobs' blogpost <a href="http://timjacobs.blogspot.com/2008/11/app-v-45-certificate-galore.html" rel="nofollow noreferrer">App-V 4.5 Certificate Galore</a> at <a href="http://timjacobs.blogspot.com/2008/11/app-v-45-certificate-galore.html" rel="nofollow noreferrer">http://timjacobs.blogspot.com/2008/11/app-v-45-certificate-galore.html</a>. Well, there wasn't anything new in it until at the end where he talks about the storage location of the private key on the disk. So I ran the <a href="http://msdn.microsoft.com/en-us/library/aa717039.aspx" rel="nofollow noreferrer">FindPrivateKey.exe</a> tool, ...</p> <blockquote> <p>C:\MyTools>FindPrivateKey.exe My LocalMachine -t "8c 1a e6 1b 6d f2 f8 18 c8 26 b6 fa cd 60 fd 94 c7 a1 96 58"<br/> Private key directory:<br/> <strong>C:\Users\alfred\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3612370315-2559787 071-3412320394-1135</strong><br/> Private key file name:<br/> b3765d4123902371ea91c5c9a521932e_96ce3a90-5634-44e6-8aa2-acb123b8b3bf</p> </blockquote> <p>... which tells me that the location of the private key is in the <code>C:\Users\alfred\...</code> directory and the <code>NETWORK SERVICE</code> user probably doesn't have access in to this directory!!!</p> <p><strong>3)</strong> I therefore followed Tim's suggestion to use MMC to export the certificate & private key from the <code>Local Computer/Personal/Certificates</code> and then import it into <code>Local Computer/Trusted Root Certificate Authorities/Certificates</code>. After having exported, <a href="http://msdn.microsoft.com/en-us/library/aa717039.aspx" rel="nofollow noreferrer">FindPrivateKey.exe</a> reported, ...</p> <blockquote> <p>C:\MyTools>FindPrivateKey.exe My LocalMachine -t "8c 1a e6 1b 7d f1 f8 18 c8 26 b6 fa cd 60 fd 94 c7 a1 96 58"<br/> FindPrivateKey failed for the following reason: No certificates with key '8c 1a e6 1b 7d f1 f8 18 c8 26 b6 fa cd 60 fd 94 c7 a1 96 58' found in the store.</p> </blockquote> <p>... which tells me the export worked. After importing and copy pasting it back to <code>Local Computer/Personal/Certificates</code> I get...</p> <blockquote> <p>C:\MyTools>FindPrivateKey.exe My LocalMachine -t "8c 1a e6 1b 7d f1 f8 18 c8 26 b6 fa cd 60 fd 94 c7 a1 96 58"<br/> Private key directory:<br/> <strong>C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys</strong><br/> Private key file name:<br/> b3765d4d5a902371ea91c5c9a521932e_96ce3a90-5634-44e6-8aa2-acbaccb8b3bf</p> </blockquote> <p>...and now the private key is in a public place, the <code>C:\ProgramData\...</code> directory. I then changed the private key permissions of the <code>NETWORK SERVICE</code> user to <em>Full Access</em> using the <em>X509 Certificate Tool</em> as I had done before.</p> <p><strong>And now it works!!!</strong></p> <p><strong>I just can't thank you enough for your blogpost Tim. Thank you.</strong></p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload