Код ошибки 2146893802

• Remove From My Forums

• Question

• I system was attacked by a ransom bug and almost lost it all. I was able to restore the server from a 3 week old back up. But I’m getting all sorts of errors. Most relate to Certsrv. I don’t have a .pfx file pull from. I click on Cert service and try to
  start the service but get and the service does not start. Can anyone help with this

  Keyset does not exist 0x80090016 (-2146893802). 

• Remove From My Forums

• Question

• Hi,

  I need to get into our Certificate Authority but when I try to open it I get error «Keyset does not exist 0x80090016 (-2146893802).  This error is because the service is not started I presume.  When I try to start the service I get error-
  «Windows could not start the active directory certificate services on local computer………. refer to service-specific error code — 2146893802.

  This is on a Server 2008 R2 box.  I haven’t needed to go into the certificate authority for a while so not sure how long its been like this.  Please can someone advise on a solution?

  Thanks

  Chris

SQL Server might fail to start with below error

Server Error: 17190, Severity: 16, State: 1.

Server Initializing the FallBack certificate failed with error code: 1, state: 1, error number: -2146893802.

Server Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate

Error: 15466, Severity: 16, State: 1.

spid7s An error occurred during decryption.

Cause

CryptAcquireContext function is used by SQL Server to acquire a handle to key containers, create key containers and destroy key containers.

By default CryptAcuireContext function create key in “Roaming\Microsoft\Crypto\..” under path mentioned in below registry

HKEY_USERS\S-1-X-XXX\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData

If the AppData Key is missing or if the user don’t have permission in path mentioned in above registry or if user profile is corrupted we might end up with above error.

To narrow down the issue outside SQL-Server run THIS executable which will Open or Create key container if it doesn’t exist. If the exe fails look at error code returned by exe and troubleshoot further.

To check if the problem is because of corrupted profile modify the path mentioned in HKEY_USERS\S-1-X-XXX\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData folder to a

different path and check if the exe is able to create the key container.

Source  code for Exe is below

#include <windows.h> 
#include <string> 
#include <winbase.h> 
#include <iostream> 
using namespace std;
#include <Wincrypt.h >
 
                                      
void main()
{
LPCSTR rgwchKeyContName = "Test123456";  
HCRYPTPROV m_hCryptoProviderFB;
BOOL ret;
BOOL ret2;

ret=CryptAcquireContext(&m_hCryptoProviderFB, rgwchKeyContName, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_SILENT);
    
if (!ret && GetLastError() == NTE_BAD_KEYSET)

{
    
    printf("\nUnable to open Keyset.CryptAcquireContext failed with error: 0x%X . \nWe will try creating key",GetLastError());

    ret2=CryptAcquireContext(&m_hCryptoProviderFB, rgwchKeyContName, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_SILENT);
        if (!ret2)
        {
        printf("\nCryptAcquireContext failed creating key.Error: 0x%X",GetLastError());
        }
        else
        {
        printf("\nKey created");
        }
    exit;
}


else if (!ret && GetLastError() == NTE_BAD_KEYSET)
{
printf("CryptAcquireContext failed with error: 0x%X",GetLastError());
}

else
{

    printf("CryptAcquireContext opened key. Return value is 0x%X.",ret);
}

    if (CryptReleaseContext(m_hCryptoProviderFB,0))
    {
    printf("\nHandle is released.\n");
    }
    else
    {
    printf("\nHandle could not be released.\n");
    }

}

Thanks

Karthick P.K

HRESULT analysis^[2]

Keyset does not exist / Identity invalid

Note: I’ve found several questions similar on here, but the one’s that were resolved did not work for me. So I thought I’d open a new question. I rebooted our server 2012 box, which hosts our new .net applications. After doing so, I started receiving a 503 error. Upon investigation, […] read more

Audit failure 5061 after logging in to Windows 10

Logging in to Windows 10 Build 10547 I see for a split second a message box pop up. There’s no time to read it as the login succeeds. In the event log I see: Audit failure 5061 with a task category of System Integrity The event directly previous is fetching […] read more

Why do I lose my key container when I reboot?

For many years we have kept our strong name key in a key container. Visual Studio doesn’t directly support that but, it works fine if you just edit the .csproj file and add: <KeyContainerName>MyKeyName</KeyContainerName> We install the key into the key store by doing: sn -m Y sn -i MyKeyFile.snk […] read more

Error while changing identity for application pool

I try change identity for application pool on Windows Azure. My project uses this application pool when works on Windows Azure. By default application pool uses NetworkService identity, but I must use another identity. I try change it in OnStart() event of WebRole by this way: using (ServerManager serverManager = […] read more

Can’t import PFX with CERTUTIL — «Keyset does not exist»

We have a PFX file that when used on any other Windows system (Server 2008 R2, 7, installs fine. On 2 of my servers, the import fails like so: CertUtil: -importPFX command FAILED: 0x80090016 (-2146893802) CertUtil: Keyset does not exist We originally imported this PFX use the MMC snap-in, […] read more

Error in AES Encryption using C++

I have done Encryption of a File using C++ with ENCRYPT_ALGORITHM as CALG_RC4. The code is working fine. When I changed the ENCRYPT_ALGORITHM to CALG_AES_256 it fails. if(CryptAcquireContext( &hCryptProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) and if(!CryptDeriveKey( hCryptProv, ENCRYPT_ALGORITHM, hHash, KEYLENGTH, &hKey)) fails with the error no. 0x80090016 and 0x8009000f I want […] read more

Problematic Active Directory CA certificate

i came across one DC, which gives me RPC errors when dealing with AD Certificate Service.I can see in AD there is 2 Root CA , one is problematic. Is it safe to remove it? Or is there a procedure for this ? windows Server 2012 R2 Event «Active Directory […] read more

PC crashes on building a VS2008 WPF application

My PC crashes and restarts whenever i build a WPF application on my VS2008. I have no idea why this happens and i have collected the EventViewer logs for reference. One interesting thing to note is that the event source is from the .NET Runtime version 2.0.50727.3625 for a WPF […] read more

PFXExportCertStoreEx API not exporting private key to PFX file

I am trying to create creating a pfx file using PFXExportCertStoreEx API for a self-signed certificate and its corresponding private key. Self-signed Certificate exporting to pfx but private key not exporting to a pfx file. I set the export policy for the private key as below. export_policy = NCRYPT_ALLOW_EXPORT_FLAG | […] read more

Failure renewing root CA certificate — 0x80090016 NTE_BAD_KEYSET

We have a multi-tiered PKI infrastructure with a standalone, offline Root CA. Every year we go through a process of extending the root CA certificate (renewing while reusing existing keys) and reissuing the subordinate CA certificates. The server stays offline, except for that once per year process, when it is […] read more

Reporting Services 2008 Service Account error

I saved over the encryption key backup file when changing from one account to another. Now I can’t see reports, change accounts, or use any of the Encryption key tools in the configuration manager. I receive a > «Creating Encryption Key Backup» error 0x80090016 . Does anyone know how to […] read more

Windows Server 2003 R2 Enterprise Edition

I am using Windows Server 2003 R2 and want to schedule a task using Task Scheduler but it gives the following error. 0x80090016: Keyset does not exist. Both Task scheduler and Protected storage service are running. Kindly help me how to resolve the issue? Thanks in advance. read more

CertUtil importpfx Keyset does not exist

I have a p12 file, ‘test.p12,’ that has a certificate, the CA cert (self-signed), and private key for the certificate. The p12 file is generated using the BouncyCastle’s C# API. When trying to import the certificate by using ‘CertUtil’, i.e., ‘CertUtil -f -p password -importpfx test.p12,’ CertUtil generates the following […] read more

Getting md5 hash code for dll file in c++

Hi guys i am trying to get dll md5 hash but it is returning same value all the time, what i did wrong? this dll is already loaded when i am trying to getHash i am getting hash with getHash() method and calculating it with CalcHash thnks in advanced. #define […] read more

What exactly is a «persisted private key»?

I’m trying to use Microsoft’s Crypto API to do some RSA. On Windows Vista and above, my code runs without problem. CryptAcquireContext(&m_hCryptProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, 0); Unfortunately, on the two Windows XP machines that I have tried, I get error code NTE_BAD_KEYSET (0x80090016). A little bit of googling found this […] read more

Translate WinApi Crypt to the .NET Framework System.Security.Cryptography

I would like to ask for a help with refactoring following C# code. The target is to remove all external WinApi call and replace them with methods from System.Security.Cryptography namespace. private static IntPtr GenerateKey(IntPtr hCryptProv, byte[] keyData) { var hHash = IntPtr.Zero; Win32.CryptCreateHash(hCryptProv, Win32.CALG_MD5, IntPtr.Zero, 0, ref hHash); var len […] read more