Wednesday, May 05, 2010

CryptographicException during SharePoint Configuration Wizard

(Re)installing MOSS 2007 on Server 2008 R2 I got this error:

Calling SPServiceInstance.Provision for instance Microsoft.Office.Excel.Server.ExcelServerSharedWebServiceInstance, service Microsoft.Office.Excel.Server.ExcelServerSharedWebService
Task services has failed with an unknown exception
Exception: System.Security.Cryptography.CryptographicException: Object already exists.

   at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at Microsoft.SharePoint.Utilities.CertificateManager.CreateSelfSignedSslCertificate(CspParameters parameters, X500DistinguishedName name, DateTime expiresAfter)
   at Microsoft.SharePoint.Administration.SPProvisioningAssistant.ProvisionIisWebSite(String serverComment, String[] serverBindings, String[] secureBindings, AuthenticationMethods authenticationMethods, String[] authenticationProviders, String path, AccessFlags accessFlags, String applicationName, String applicationPoolId, String[] scriptMaps, String sslCertificateSubjectName)
   at Microsoft.SharePoint.Administration.SPMetabaseManager.ProvisionIisWebSite(String serverComment, String[] serverBindings, String[] secureBindings, Int32 authenticationMethods, String[] authenticationProviders, String path, Int32 accessFlags, String applicationName, String applicationPoolId, String[] scriptMaps, String sslCertificateSubjectName)
   at Microsoft.Office.Server.Administration.SharedWebServiceInstance.Synchronize()
   at Microsoft.Office.Excel.Server.ExcelServerSharedWebServiceInstance.Synchronize()
   at Microsoft.Office.Server.Administration.SharedWebServiceInstance.Provision()
   at Microsoft.SharePoint.PostSetupConfiguration.ServicesTask.InstallServiceInstanceInConfigDB(Boolean provisionTheServiceInstanceToo, String serviceInstanceRegistryKeyName, Object sharepointServiceObject)
   at Microsoft.SharePoint.PostSetupConfiguration.ServicesTask.InstallServiceInstances(Boolean provisionTheServiceInstancesToo, String serviceRegistryKeyName, Object sharepointServiceObject)
   at Microsoft.SharePoint.PostSetupConfiguration.ServicesTask.InstallServices(Boolean provisionTheServicesToo)
   at Microsoft.SharePoint.PostSetupConfiguration.ServicesTask.Run()
   at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

This is actually a file permission error. Bring up Properties for the folder C:\Users\all users\Microsoft\Crypto\RSA\MachineKeys, click Advanced, go to the Auditing tab, and add an auditing entry for Everyone on the local machine: Full Control, for both failures and successes.

Run the configuration wizard again. It will still fail, but now you’ll know which file has the permissions error.

Bring up the Event Viewer and open the Security log. Compare the timestamp from the log to the failure audit: there’s your file. Correct the permissions (probably take ownership and give yourself full control) and run the Wizard again; it will succeed (at least for this step).

When you’re done, turn off the file auditing.
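The Event Viewer step above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes the folder auditing entry is already in place, and the 15-minute look-back window and variable names are my own choices.

```powershell
# Added example, not from the original post. Run from an elevated prompt
# right after the configuration wizard has failed with the folder audited.
$keyDir       = 'C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys'  # path from the post
$since        = (Get-Date).AddMinutes(-15)   # assumed look-back window
$auditFailure = 0x10000000000000             # Security log "Audit Failure" keyword

# The folder's auditing entry only produces events while the File System
# subcategory of object-access auditing is enabled; show its current state.
auditpol /get /subcategory:"File System"

# Recent failure audits that mention the key folder
$hits = @(Get-WinEvent -FilterHashtable @{
              LogName = 'Security'; Keywords = $auditFailure; StartTime = $since
          } -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -match 'MachineKeys' })
if ($hits.Count -eq 0) { 'No failure audits for MachineKeys in the window.'; return }

# Pull the key file name out of each event message
$files = @($hits | ForEach-Object {
    if ($_.Message -match '\\MachineKeys\\([^\s\\]+)') {
        New-Object PSObject -Property @{
            Time = $_.TimeCreated; EventId = $_.Id; File = $Matches[1]
        }
    }
})
$files | Sort-Object Time | Format-Table Time, EventId, File -AutoSize

# Show who owns each file that was denied, so the permission fix targets it
foreach ($name in @($files | Select-Object -ExpandProperty File -Unique)) {
    $path = Join-Path $keyDir $name
    try   { '{0}  owner: {1}' -f $name, (Get-Acl -Path $path -ErrorAction Stop).Owner }
    catch { '{0}  ACL not readable: {1}' -f $name, $_.Exception.Message }
}
```

If the auditpol line reports "No Auditing" for File System, the folder's auditing entry will not write anything to the Security log until failure auditing is enabled for that subcategory.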

1 comment:

vapcguy said...

Sort of accurate, but not fully descriptive.

Anyone getting this error needs to understand they need to have both Ownership of the folder, but also ownership and full control rights of the files within it. Whether that means they are an Administrator (part of the local Administrators group) and Admins have Ownership of the folder, then Ownership and Full Control rights of the files within -- OR -- they are a simple user, but therefore part of the Everyone group, which then needs Ownership of the folder and Ownership and Full Control rights of the files, propagated down from above, from which Everyone is granted Full Control.

You must therefore set the Ownership of "C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys" (Windows 7) to one of those 2 groups, depending on your use-case (maybe you only want Admins using your program??), but select "Replace owner on subcontainers and objects" when setting the Owner. This makes the files within have the correct Ownership. Then, when you are applying permissions, go to Security > Advanced > Change Permissions > select the group, select "Replace all child permissions with inheritable permissions from this object", and click Edit. Then select every "Allow" checkbox, click OK on each dialog box all the way out to apply the permissions to both the folder and the files within.
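To review what the files under MachineKeys end up with after an ownership or permission change like the ones discussed on this page, the following added example (not from the post or the comment) lists each key file's owner and any Allow entries held by broad groups. The group list and variable names are my own choices; the groups are matched by well-known SID so the check does not depend on the display language.

```powershell
# Added example, not from the post or the comment. Run from an elevated prompt.
$keyDir  = 'C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys'   # path from the post
$sidType = [System.Security.Principal.SecurityIdentifier]

# Well-known SIDs of broad groups (assumed list; extend as needed)
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

$report = foreach ($file in Get-ChildItem -Path $keyDir -Force) {
    try {
        $acl = Get-Acl -Path $file.FullName -ErrorAction Stop
    } catch {
        # A file whose ACL cannot even be read is a candidate for the wizard failure
        New-Object PSObject -Property @{
            File = $file.Name; Owner = '<unreadable>'; BroadAllow = $_.Exception.Message
        }
        continue
    }
    # Explicit and inherited Allow entries, with identities returned as SIDs
    $rules = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broad.ContainsKey($_.IdentityReference.Value)
    })
    $flag = ($rules | ForEach-Object {
        '{0}:{1}' -f $broad[$_.IdentityReference.Value], $_.FileSystemRights
    }) -join '; '
    New-Object PSObject -Property @{
        File = $file.Name; Owner = $acl.Owner; BroadAllow = $flag
    }
}
$report | Sort-Object File | Format-Table File, Owner, BroadAllow -AutoSize
```

Each file in this folder holds a machine-level private key, so a non-empty BroadAllow column means every account in that group can read or modify the key named in that row.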