Cryptograhy errors in TraceExpertSystem
If you encounter errors in the TraceExpertSystem.txt logs such as the following, you might have a problem with the MachineKeys on the system. This might present itself as the MWExpertSystem service failing to start.
2020/06/24 09:24:52 [5] FATAL MWExpertSystem.Main - ------AN UNHANDLED EXCEPTION HAS OCCURRED------ 2020/06/24 09:24:52 [5] ERROR MWExpertSystem.Main - Exception System.Security.Cryptography.CryptographicException: Access is denied. at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) at System.Security.Cryptography.Utils._GenerateKey(SafeProvHandle hProv, Int32 algid, CspProviderFlags flags, Int32 keySize, SafeKeyHandle& hKey) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at LPI.Security.Cryptography.KeyGenerator.GenerateRandomAsymmetricKeyPair() at LPI.Security.Cryptography.RandomKeyHierarchyContainer.EstablishHierarchy(Guid installationID) at LPI.Security.OM.Cryptography.OnsiteManagerKeyContainer.EstablishHierarchy(Guid installationID) in c:\Builds\73\Sources\OMSolution.root\OMSolution\LPI.Security.OM\Cryptography\OnsiteManagerKeyContainer.cs:line 49 at LPI.ExpertSystem.ManagerNS.Manager.Init() in c:\Builds\73\Sources\OMSolution.root\OMSolution\LPI.OM.ExpertSystem\Main.cs:line 265 at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart()
This error occurs in the common decryption and encryption methods that use RSA. There are a variety of reasons an exception can be thrown, most of them having to do with inadequate permissions for the application on a folder.
- Navigate to C:\ProgramData\Microsoft\Crypto\RSA
- Right-click the MachineKeys folder and choose Properties.
- Switch to the Security tab.
- Select the Administrators group and check Allow for Full Control.
- Select the Everyone group and check Allow for Full Control.
- Click OK.
- Restart MWExpertsystem Service