Online Forums
Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.
Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.
Do not use the Contact page for technical issues.
- Forum
- Discussions
- QuickOPC-Classic in COM
- General Issues, Building
- System.Security.Cryptography.CryptographicException (container not found)
System.Security.Cryptography.CryptographicException (container not found)
And, it is useful to know that the missing permissions may cause this error as well. I will make a note of it...
Best regards
Please Log in or Create an account to join the conversation.
- gkalipershad
- Offline
- Platinum Member
- Posts: 89
- Thank you received: 2
I followed the instructions in the link provided, but changing the permissions to Everyone was throwing an error. Instead, I had him add permissions to the SYSTEM account.
After making the change to the SYSTEM permissions in C:\ProgramData\Microsoft\Crypto\RSA, he no longer saw the error and he is happy with this as a solution.
Thanks for the help!
GK
Please Log in or Create an account to join the conversation.
- gkalipershad
- Offline
- Platinum Member
- Posts: 89
- Thank you received: 2
Please Log in or Create an account to join the conversation.
In the issue that you have identified as being similar but not identical (different error message), we point out a specific directory that had permission problems. Even though the error message is different, I suggest checking that directory is well. It is described here: kb.opclabs.com/Error_%22The_specified_network_password_is_not_correct.%22
I would also recommend that they make a back up copy of the certificate store directories, clear all files from them, and retest. Sometimes it helps.
Best regards
Please Log in or Create an account to join the conversation.
- gkalipershad
- Offline
- Platinum Member
- Posts: 89
- Thank you received: 2
Please Log in or Create an account to join the conversation.
Yes, it's the LocalSystem account, that looks good.
Regards
Please Log in or Create an account to join the conversation.
- gkalipershad
- Offline
- Platinum Member
- Posts: 89
- Thank you received: 2
Attachments:
Please Log in or Create an account to join the conversation.
I received the certificate directory, thank you. That, by itself, unfortunately gave me no more insight.
However, the fact that the behavior is correct with "normal" user account is, I believe, and as you do as well, a clear indication that this is a permissions problem. So I think what needs to follow is a thorough check of the file/directory permission on the certificate directory, versus the account they want to run under.
Question: Were they really running the service under LocalSystem account? Wasn't that LocalService account? (since the names are similar, people sometimes confuse them). LocalSystem has quite high privileges; LocalService (or NetworkService) has much lower privileges. So, it would be somewhat surprising if LocalSystem did not work, but not that surprising if they were using LocalService.
For a nice confusion, when checking the directory permissions, if they are running under LocalSystem, the "group" for that appears as SYSTEM. So, the permissions on C:\ProgramData\OPC Foundation and everything below should include SYSTEM where in the Permissions... box, all checkboxes under "Allow" are checked (maybe except for "Special permissions").
Regards
Please Log in or Create an account to join the conversation.
- gkalipershad
- Offline
- Platinum Member
- Posts: 89
- Thank you received: 2
I have sent the Certificate Directory to you via email at support09 (at) opclabs.com. This was captured before they switched the user account of the service.
The switched from the Local System account to his personal account, which is a local admin on the server and they no longer receive any errors! However, I do not believe it is feasible for them to run the service application under an admin account, so he is requesting an explanation as to why the Local System account does not work. I am assuming that it simply doesn't have the necessary permissions to create certificates and place them in the proper locations. Thoughts?
GK
Please Log in or Create an account to join the conversation.
- gkalipershad
- Offline
- Platinum Member
- Posts: 89
- Thank you received: 2
I received more information and clarity on the situation.
They started using the new license file because they were getting a licensing error. I am confirming what that error was.
After using the new license, they got the new errors, so the assumption was that the new license file got us past the license issues, but may have introduced something else. I am having a hard time understanding that because like you said, the license should have no effect.
Anyway, I have requested that they provide a directory of the files in the OPC Foundation directory and test by changing the user account that the service runs under. I appreciate the suggestions.
Please Log in or Create an account to join the conversation.
- Forum
- Discussions
- QuickOPC-Classic in COM
- General Issues, Building
- System.Security.Cryptography.CryptographicException (container not found)