cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SMP3 - Agentry - Error loading cryptography keys

Go to solution
Former Member

on ‎06-11-2014 4:08 PM

0 Kudos

I have installed SMP3.0 SP03 and have an Agentry application configured in the Cockpit.  I have an application (which will connect to SAP via the java connection).  I have published the application, stopped the SMP3 service, restarted the SMP3 service, and I get the following error in the "startup.log" file.

"Event: 0, 2, Error loading cryptography keys: Unable to open or read a keystore: Object already exists."


I have read other threads to where I should try running the service as Administrator.  I have even put the sapsmpserviceuser in the "Administrators" group to verify there is sufficient authority to the server.  Neither of these options resolved the issue.  I have installed the "smp_crt.cer" on the server. 


What can I do, where can I look to further investigate what the Agentry server portion of the SMP3 service is needing?  I also read in another question/thread that running as "Administrator" is one option and the other option is to "recreate the crypto key".  How is that accomplished?

-- Ed

Tags edited by: Michael Appleby

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-11-2014 7:31 PM
0 Kudos

See SAP Note: http://service.sap.com/sap/support/notes/2008882

Show replies
Show replies
Former Member
‎06-12-2014 2:39 AM
0 Kudos

Thanks for the info Steve. I tried the 3rd option (run as Administrator).  This did not work.  I then did the 4th option to run the command (and the CMD window is "Run As Administrator"):

C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pa "C:\SAP\MobilePlatform3\Server\configuration\com.sap.mobile.platform.server.agentry" smpServiceUser

Everything is installed in in this location with this service user.  When executed, it fails with this message:

Microsoft (R) ASP.NET RegIIS version 4.0.30319.18408

Administration utility to install and uninstall ASP.NET on the local machine.

Copyright (C) Microsoft Corporation.  All rights reserved.

Adding ACL for access to the RSA Key container...

The RSA key container was not found.

Failed!

Why would it not find the RSA key container?  What specifically is it looking for that is missing?

-- Ed

bill_froelich
Product and Topic Expert
Product and Topic Expert
‎06-13-2014 12:00 AM
0 Kudos

Ed,

The other option is to manually delete the RSA keys so the server will re-create them then next time the server starts.  The hardest part is determining which key belongs to the SMP3 Agentry server.

  1. Navigate to the C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys folder
  2. As an administrator edit the files using a text editor and look for the path to your SMP3.0 server installation.  You are looking for a reference to the directory where your SMP3.0 server is installed.
  3. Delete the key (will probably need admin rights to do so) or move it to a temporary folder
  4. Restart the SMP3.0 server as a user (using the Service\go.bat)
  5. You sholud see the key recreated as the same filename
  6. Verify the key loaded in your startup.log file

Alternatively for step 2 you can move all the files out of the directory to a temporary location and then start the SMP3.0 server.  Once you see what the filename is move back all the other files except for the one for the SMP3.0 server.

Good luck!

--Bill

Former Member
‎06-13-2014 2:44 AM
0 Kudos

Thank you, Bill.  For anyone's reference who is reading this thread, the solution is that there was a key file in the MachineKey's file for the Agentry Server that, for whatever reason, had security that no one (or process) could access it.  I took ownership of it, deleted it, then allowed it to be recreated (per the instructions above), the Agentry server then started up correctly without the crypto error.

-- Ed

Former Member
‎08-30-2014 7:52 PM
0 Kudos

Hi Ed,

I have been facing this with my vaio windows8 OS.

i was not able to locate the users folders as said in bill reply, however, in the below directory could see the files.

Are these the files we need to delete adn restart SMP.

Directory: C:\Windows\WinSxS\FileMaps

programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58

programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4

Please let me know your thoughts on how to get resolve this agetry issue for SMP 3.0 - windows 8 system?

Even after running Go.bat as Admin, i still get the below error in agentry startup.

22:06:39 08/30/2014: Event: 0, 2, Loading the Agentry Runtime's public/private key for password exchanges.

22:06:39 08/30/2014: Event: 0, 2, Error loading cryptography keys: Unable to open or read a keystore: Object already exists.

Thanks,

Jilan

Former Member
‎08-30-2014 8:22 PM
0 Kudos

Jilan,

Look at the path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

Stephen

Former Member
‎09-02-2014 1:33 PM
0 Kudos

Jilan,

They are in the path "C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys".  There will be one that if you view it via a Text editor, you'll see the path to your SMP installation.  That's the key file you'll need to delete (when SMP is not running).  It will be re-created when you start SMP back up.

  Ed

Former Member
‎09-02-2014 3:07 PM
0 Kudos

Thanks Ed.

The path is different for Windows8, as given by stephen, i have deleted couple of files(THough i wasnt really sure about verifying SMP path in it) which were installed either SMP or previous Agentry server version.

Next time, when i restart the SMP 3.0 server, i see the key pair is recreated and its fine in Agentry start up logs.

This problem is solved, thanks.

I am still behind Communication Error (14) looking for help in other threads.

Thanks Ed & Stephen.

With Best Regards,

Jilan

Former Member
‎02-16-2016 4:20 PM
0 Kudos

This message was moderated.

Answers (0)

Ask a Question