locked
SSL Error on Server/Data Loss on Client PC RRS feed

  • Question

  • I installed WHS a few weeks ago, and everything has been running fine up until today.

    I came home from a trip to find my main PC had lost all the data in my main account's Documents folder.  I decided to try to see if I could restore from Friday, and logged into the server console.  As it was retrieving the backup from 12/5 it froze.  I killed the process and tried to log in again, with no success.  So I went into the server box and rebooted it.  When it came back up, I got an error that something hadn't loaded correctly.  I went into the event view and have this error:

    "A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x6."

    Any idea what's causing this?


    I have no idea how I lost all the document data, favorites, etc on this user yet.  The only thing different I did that I haven't done before was to log into the desktop remotely and schedule a VMC TV recording.  Programs seem to be running fine otherwise.
    Monday, December 8, 2008 12:22 AM

Answers

  • I think I finally figured this out.  I changed the permissions of the All Users Profile\Application Data\Microsoft\Crypto\RSA\Machinekeys folder for the "Everyone" group to apply on "This folder, subfolders and files" similar to what's shown on KB 278381.

    So far I haven't gotten the error back after a couple of reboots.  Hope it stays gone.

    http://support.microsoft.com/kb/278381


    Just thought I'd post in case anybody else came across this.  I assume this is safe security wise?
    • Marked as answer by Andy Sexton Monday, April 13, 2009 12:19 PM
    Friday, April 10, 2009 5:21 PM

All replies

  • Andy,

    I've not seen this on a WHS box before, but it does appear on Server 2003 units occasionally.
    A couple of possibilities:

    Some firewalls may reject network traffic that originates from Windows
    Server 2003 Service Pack 1-based or Windows Vista-based computers
    http://support.microsoft.com/?id=899148

    Windows Firewall may drop ICMP packets in Windows Server 2003 with Service
    Pack 1 (SP1)
    http://support.microsoft.com/?id=899657

    Also,
    As certificate requests require RPC to be NT Authority\NetworkService, can you also please verify that this account is running the service?

    To do this:

    1. Run services.msc.
    2. Double click Remote Procedure Call (RPC).
    3. On the Log on tab, make sure the PRC is running with account NT AUTHORITY\NetworkService.

    Personally, if these ideas don't correct it, I would also file a .cab report through the Connect site, just in case.

    Colin

    If anyone answers your query successfully, please mark it as 'Helpful', to guide other users.
    Monday, December 8, 2008 1:53 PM
    Moderator
  • Thanks. 

    I did not see this initially after the build.  This just popped up, and in the reboot with the recent patch updates it also threw the error.  I am running a D-link 815 gigabit/n dual band router.  The only recent changes that I can think of were enabling jumbo frames on the server and wired PCs, and enabling the 5Ghz band on the router for a wireless client.  I don't see that those would affect anything, but I'm far from an expert at this type of stuff.

    I did verify NT AUTHORITY\NetworkService was the account on RPC.

    Anything else to look at?  Is there anything that enabling jumbo frames would do in relation to this?
    Thursday, December 11, 2008 8:26 PM
  • Andy,

    Jumbo frames can be a can of worms, especially if there are differing manufacturers involved!
    When you enabled it, did all your other equipment also have it enabled, (and do they use the same frame size)? However, I wouldn't have thought they would be connected to the errors you've seen.

    This site might just have some help, as it's referring to the same errors.

    Colin



    If anyone answers your query successfully, please mark it as 'Helpful', to guide other users.
    Thursday, December 11, 2008 8:49 PM
    Moderator
  • I think I finally figured this out.  I changed the permissions of the All Users Profile\Application Data\Microsoft\Crypto\RSA\Machinekeys folder for the "Everyone" group to apply on "This folder, subfolders and files" similar to what's shown on KB 278381.

    So far I haven't gotten the error back after a couple of reboots.  Hope it stays gone.

    http://support.microsoft.com/kb/278381


    Just thought I'd post in case anybody else came across this.  I assume this is safe security wise?
    • Marked as answer by Andy Sexton Monday, April 13, 2009 12:19 PM
    Friday, April 10, 2009 5:21 PM