Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

System.Security.Cryptography.CryptographicException (container not found)

More
05 Mar 2023 10:35 #11605 by support
Great! I am glad it works.

And, it is useful to know that the missing permissions may cause this error as well. I will make a note of it...

Best regards
The following user(s) said Thank You: gkalipershad

Please Log in or Create an account to join the conversation.

More
03 Mar 2023 18:00 #11603 by gkalipershad
Z,

I followed the instructions in the link provided, but changing the permissions to Everyone was throwing an error. Instead, I had him add permissions to the SYSTEM account.

After making the change to the SYSTEM permissions in C:\ProgramData\Microsoft\Crypto\RSA, he no longer saw the error and he is happy with this as a solution.

Thanks for the help!

GK

Please Log in or Create an account to join the conversation.

More
03 Mar 2023 13:50 #11601 by gkalipershad
Great, thanks. I will be back if there are any further questions.

Please Log in or Create an account to join the conversation.

More
03 Mar 2023 07:22 #11599 by support
There are some used internally by Microsoft - which is a pain, because it's not quite clear which they are.

In the issue that you have identified as being similar but not identical (different error message), we point out a specific directory that had permission problems. Even though the error message is different, I suggest checking that directory is well. It is described here: kb.opclabs.com/Error_%22The_specified_network_password_is_not_correct.%22

I would also recommend that they make a back up copy of the certificate store directories, clear all files from them, and retest. Sometimes it helps.

Best regards

Please Log in or Create an account to join the conversation.

More
02 Mar 2023 20:21 #11597 by gkalipershad
We checked the permissions to C:\ProgramData\OPC Foundation and SYSTEM has Full Control. Are there any other directories that are involved with the certificate process?

Please Log in or Create an account to join the conversation.

More
02 Mar 2023 17:59 #11596 by support
Hello.

Yes, it's the LocalSystem account, that looks good.

Regards

Please Log in or Create an account to join the conversation.

More
02 Mar 2023 17:22 #11594 by gkalipershad
Z,

Here is what they had sent previously:


I understood this to mean the "LocalSystem" account, which you are indicating is the one with higher privileges. I will have him check out the permissions to that directory.

GK
Attachments:

Please Log in or Create an account to join the conversation.

More
02 Mar 2023 08:27 - 02 Mar 2023 08:28 #11587 by support
Hello.

I received the certificate directory, thank you. That, by itself, unfortunately gave me no more insight.

However, the fact that the behavior is correct with "normal" user account is, I believe, and as you do as well, a clear indication that this is a permissions problem. So I think what needs to follow is a thorough check of the file/directory permission on the certificate directory, versus the account they want to run under.

Question: Were they really running the service under LocalSystem account? Wasn't that LocalService account? (since the names are similar, people sometimes confuse them). LocalSystem has quite high privileges; LocalService (or NetworkService) has much lower privileges. So, it would be somewhat surprising if LocalSystem did not work, but not that surprising if they were using LocalService.

For a nice confusion, when checking the directory permissions, if they are running under LocalSystem, the "group" for that appears as SYSTEM. So, the permissions on C:\ProgramData\OPC Foundation and everything below should include SYSTEM where in the Permissions... box, all checkboxes under "Allow" are checked (maybe except for "Special permissions").

Regards
Last edit: 02 Mar 2023 08:28 by support.

Please Log in or Create an account to join the conversation.

More
01 Mar 2023 22:51 #11586 by gkalipershad
Hello,

I have sent the Certificate Directory to you via email at support09 (at) opclabs.com. This was captured before they switched the user account of the service.

The switched from the Local System account to his personal account, which is a local admin on the server and they no longer receive any errors! However, I do not believe it is feasible for them to run the service application under an admin account, so he is requesting an explanation as to why the Local System account does not work. I am assuming that it simply doesn't have the necessary permissions to create certificates and place them in the proper locations. Thoughts?

GK

Please Log in or Create an account to join the conversation.

More
28 Feb 2023 22:54 #11583 by gkalipershad
Z,

I received more information and clarity on the situation.

They started using the new license file because they were getting a licensing error. I am confirming what that error was.

After using the new license, they got the new errors, so the assumption was that the new license file got us past the license issues, but may have introduced something else. I am having a hard time understanding that because like you said, the license should have no effect.

Anyway, I have requested that they provide a directory of the files in the OPC Foundation directory and test by changing the user account that the service runs under. I appreciate the suggestions.

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.080 seconds