CRM 2016 Claims based authentication keyset does not exist

  • Question

  • Hi,

    I have an interesting issue. I have installed a CRM server for a customer which is an IFD and it has been working with the claims and IFD. Now the customer changed certificate to a new one and of course everything went black. Due to some other troubleshooting we decided it would be best to put the old certificate back, and still things don't work.

    When I go to the federationmetadata of the CRM server I get a "cryptographical error, keyset does not exist". When I've run into this earlier it meant that the app-pool account can't read the private keys of the certificate in use. This was also the case, so I gave the app pool account rights on the private keys, but I still get this error message.

    Any ideas as to what can be done?

    Regards


    Rickard Norström Developer CRM-Konsulterna
    http://www.crmkonsulterna.se
    Swedish Dynamics CRM Forum: http://www.crmforum.se
    My Blog: http://rickardnorstrom.blogspot.se

    Thursday, April 28, 2016 9:40 AM

All replies

  • Ok, this is no longer an issue, somehow the private key rights hadn't taken effect, very weird.

    /Rickard


    Rickard Norström Developer CRM-Konsulterna
    http://www.crmkonsulterna.se
    Swedish Dynamics CRM Forum: http://www.crmforum.se
    My Blog: http://rickardnorstrom.blogspot.se

    Thursday, April 28, 2016 11:38 AM
  • I've seen this happen as well after needing to install an updated certificate.  What I had to do was to import the new certificate with the private key information, export out the certificate with the private key and the extended properties, and then to re-import that.  My two cents is that this shouldn't have to be this complicated, but in what I saw, if running into this, these are the steps that took care of it.
    Friday, September 30, 2016 2:51 PM
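
A way to confirm whether the app-pool account's rights on the private key have actually been applied, as discussed in the question and first reply. This is an added example, not code from any poster in the thread. It assumes an RSA certificate in the `LocalMachine\My` store with a software key in the default machine key directories, is run from an elevated prompt, and uses placeholder values for the thumbprint and account name.

```powershell
# Added example: report whether an account has a direct Read grant on the
# private key file behind a certificate. Placeholder values, not from the thread.
param(
    [string]$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>',
    [string]$Account    = 'DOMAIN\crm-apppool-placeholder'
)

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate $Thumbprint in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no associated private key.' }

# Resolve the key container name (GetRSAPrivateKey requires .NET 4.6 or later).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'No RSA private key could be opened for this certificate.' }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName                              # CNG key
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName  # legacy CSP key
}

# Machine keys are stored as files; CSP and CNG providers use different folders.
$dirs = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
        "$env:ProgramData\Microsoft\Crypto\Keys"
$keyFile = $dirs | ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file $keyName not found in the default key folders." }

# Only ACEs naming the account directly are checked; group membership is not expanded.
$read  = [System.Security.AccessControl.FileSystemRights]::Read
$rules = (Get-Acl -LiteralPath $keyFile).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account }
$allowed = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $read) -eq $read
}
$denied = $rules | Where-Object {
    $_.AccessControlType -eq 'Deny' -and [int]($_.FileSystemRights -band $read) -ne 0
}

[pscustomobject]@{
    Subject = $cert.Subject
    KeyFile = $keyFile
    Account = $Account
    CanRead = ([bool]$allowed) -and (-not $denied)
}
```

If `CanRead` is `False` after rights were granted, compare `KeyFile` with the file the grant was applied to, since the certificate in use may point at a different key container than the one that was edited.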