Tuesday 10 July 2012

Fixing an SCSM System.Security.Cryptography.CryptographicException

Whoa, that’s a long title!

This morning, I was asked to check our System Center Service Manager portal as it wouldn’t load at all. The error was the banal “Internet Explorer cannot display the webpage”.

There were a few issues that had to be sorted once I read through the event logs. I sorted them and thought, no problem, the portal should be running again, and tried it. IE did its usual spinning circle thingy and I waited while it decided what it would do. Eventually, when it did return, it showed the usual error: Internet Explorer cannot display this webpage.

When I checked the event logs, I noticed that there was an ASP.NET error repeating itself (warning: long error coming):

An unhandled exception occurred and the process was terminated.

Application ID: /LM/W3SVC/2/ROOT/CustomEndUser

Process ID: 6820

Exception: Microsoft.EnterpriseManagement.ConfigurationReaderException

Message: Feature of type 'Microsoft.EnterpriseManagement.ServiceDataLayer.ISecureStorageManagerFeature, Microsoft.EnterpriseManagement.DataAccessService.Core, Version=7.0.5000.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' cannot be added to the container.

StackTrace:    at Microsoft.EnterpriseManagement.ConfigurationReaderHelper.ReadFeatures(XPathNavigator navi, IContainer container)
   at Microsoft.EnterpriseManagement.ConfigurationReaderHelper.Process()
   at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.Initialize(InProcEnterpriseManagementConnectionSettings configuration)
   at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.InitializeRunner(Object state)
   at System.Threading.ExecutionContext.runTryCode(Object userData)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart(Object obj)

InnerException: Microsoft.EnterpriseManagement.ComponentActivationException

Message: The constructor for the component threw an exception. Please see the inner exception for more details.

StackTrace:    at Microsoft.EnterpriseManagement.ComponentActivator.Activate[T](ActivationContext`1 context)
   at Microsoft.EnterpriseManagement.SingletonLifetimeManager`1.GetComponent[K]()
   at Microsoft.EnterpriseManagement.LifetimeManagerWrapper`2.GetComponent[K]()
   at Microsoft.EnterpriseManagement.FeatureContainer.GetFeatureInternal[T](Type type, String featureName)
   at Microsoft.EnterpriseManagement.FeatureContainer.AddFeatureInternal[T,V](ActivationContext`1 context, String featureName)

InnerException: System.Security.Cryptography.CryptographicException

Message: The profile for the user is a temporary profile.


StackTrace:    at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(RSAParameters parameters)
   at System.Security.Cryptography.RSA.FromXmlString(String xmlString)
   at Microsoft.EnterpriseManagement.Security.AsymmetricKeyManager.Initialize(Byte[] publicKey)
   at Microsoft.EnterpriseManagement.Security.AsymmetricKeyManager..ctor(Byte[] key, Boolean self)
   at Microsoft.EnterpriseManagement.Security.SecureStorageManager.Initialize()
   at Microsoft.EnterpriseManagement.ServiceDataLayer.SecureStorageManagerFeatureImplementation..ctor()

Yeah, it’s a lot!

The main thing that stood out amongst all this was the InnerException:

InnerException: System.Security.Cryptography.CryptographicException

Message: The profile for the user is a temporary profile.

A quick check online about temporary profiles revealed how to check and find these profiles in the registry. Browsing to the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList, I could see that there were a couple of keys with the extension .bak. The keys are the SIDs for the user accounts. The application pool account was there, and the normal account had a .bak extension. I deleted the existing one and removed the .bak from the old key.

I recycled the application pool and the portal resumed working as normal.
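The registry check described above can be run as a read-only audit. This is an added example, not part of the original post; the function names Resolve-SidName and Get-ProfileListEntry are hypothetical, and the only registry path used is the ProfileList key named above.

```powershell
# Added example: list ProfileList subkeys and flag SIDs that carry a .bak suffix.
# Read-only: nothing is deleted or renamed.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Resolve-SidName {
    # Translate a SID string to DOMAIN\account so the app pool identity is recognisable.
    param([string]$Sid)
    try {
        $sidObj = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        '<unresolved>'   # SID could not be parsed or mapped to an account
    }
}

function Get-ProfileListEntry {
    param([string]$Path = $profileList)
    $keys  = Get-ChildItem -Path $Path
    $names = $keys | ForEach-Object { $_.PSChildName }
    foreach ($key in $keys) {
        $name  = $key.PSChildName
        $isBak = $name -like '*.bak'
        $sid   = $name -replace '\.bak$', ''
        $props = Get-ItemProperty -Path $key.PSPath
        New-Object PSObject -Property @{
            KeyName          = $name
            Account          = Resolve-SidName $sid
            IsBak            = $isBak
            # True when both "<SID>" and "<SID>.bak" exist, the pairing seen in the post
            HasLivePair      = $isBak -and ($names -contains $sid)
            ProfileImagePath = $props.ProfileImagePath
        }
    }
}

# Show only the .bak entries, with the account each one belongs to
Get-ProfileListEntry |
    Where-Object { $_.IsBak } |
    Select-Object KeyName, Account, HasLivePair, ProfileImagePath |
    Format-Table -AutoSize
```

An empty result means no profile key currently carries the .bak suffix.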

One of those weird and wonderful errors that pop up to confuse you.