locked
Facing "Keyset does not exist" Error RRS feed

  • Question

  • Hi All,

    I have created a HealthVault application. As I run my application from Visual Studio IDE it is running fine. But as I deploy my application on IIS, it gives me this error: "Keyset does not exist".

    In the HealthVault Application Manger tool I have already performed Grant Access to IIS Process operation on my application's certificate.
    I have also run the winhttpcertcfg tool and verified that ASPNET user has authorization to access my application's certificate.

    Am I missing something here?

    Please help me in this. Thanks in advance.
    Wednesday, July 1, 2009 1:53 PM

Answers

  • I still think that the problem you have is because the user under which IIS is running does not have access to the certificate.  #3 in the link provided.

    The last resort I was suggesting was to export and reimport the certificate manually - since I have seen in very few cases where Application manager import caused some permission issues.

    Run C:\Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc (assuming you have installed SDK on the machine)
    Go to Personal\Certificates folder
    Export the certficate from the cerfiticate store as .pfx by right clicking and choosing Export option
    Delete the certificate from certificate store
    Import the certicate to the same folder
    Run following as a batch file (assuming you are using XP)

    ECHO OFF
    SET WC_CERTNAME=WildcatApp-XXXXXXXXXX (fill ur cert name here)
    winhttpcertcfg.exe -g -a %COMPUTERNAME%\ASPNET -c LOCAL_MACHINE\My -s %WC_CERTNAME%
    winhttpcertcfg.exe -g -a %COMPUTERNAME%\IUSR_%COMPUTERNAME% -c LOCAL_MACHINE\My -s %WC_CERTNAME%
    SET WC_CERTNAME=""
    ECHO ON

    After that run

    winhttpcertcfg.exe -l -c LOCAL_MACHINE\My -s WildcatApp-XXXXX and ensure the permissions are set correctly for ASPNET and retry the page again after iisreset.

    Raj






    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    • Marked as answer by Pankaj Kohre Thursday, July 2, 2009 10:01 AM
    Thursday, July 2, 2009 9:31 AM

All replies

  • While there could be many reasons (like permissions, not having private key to name a few) why you get this error, you may want to start the debug process by running the "TroubleShooter" page that gets installed with HealthVault SDK.  Copy the the troubleshooter page to your project run it under the same application in IIS.  This should give you some hints on where the problem is.

    Also, is your IIS application running under default application pool? (NETWORK_SERVICE).  If it is running under a different identity, you need to give access to certificate to that identity.

    Finally, another thing you may want to try is to export the certificate from certificate store as pfx (with private key), delete the certificate from local computer certificate store, and get it reimported using the certificates.msc (and not HealthVault application manager) (certificates.msc link is in the Tools folder on SDK) - and then run winhttpcertcfg again. 

    HTH

    Raj
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    Wednesday, July 1, 2009 2:54 PM
  • Hi Rajesh,


    Thanks for reply. Well I tried your solutions. First I ran the "TroubleShooter" page under my website in IIS. It indicated following problem:
    Application IdCertificate(WildcatApp-54ede20d-49ea-4f39-bc28-acbca711d1e9) cannot be accessed

    I clicked this link and there were mentioned three possible causes. I checked for all three but none of them was there with my application.
    Than I checked the application pool under which IIS application is running. My IIS application is running under ASPNET user, which has access to private key. I checked it with winhttpcertcfg.exe.

    Than I came to the third solution you mentioned but I could not find certificates.msc link anywhere in the Tools folder on SDK. Please could you be more descriptive.

    Regards,
    Pankaj

    • Edited by Pankaj Kohre Thursday, July 2, 2009 8:06 AM Wrong formatting
    Thursday, July 2, 2009 8:06 AM
  • I still think that the problem you have is because the user under which IIS is running does not have access to the certificate.  #3 in the link provided.

    The last resort I was suggesting was to export and reimport the certificate manually - since I have seen in very few cases where Application manager import caused some permission issues.

    Run C:\Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc (assuming you have installed SDK on the machine)
    Go to Personal\Certificates folder
    Export the certficate from the cerfiticate store as .pfx by right clicking and choosing Export option
    Delete the certificate from certificate store
    Import the certicate to the same folder
    Run following as a batch file (assuming you are using XP)

    ECHO OFF
    SET WC_CERTNAME=WildcatApp-XXXXXXXXXX (fill ur cert name here)
    winhttpcertcfg.exe -g -a %COMPUTERNAME%\ASPNET -c LOCAL_MACHINE\My -s %WC_CERTNAME%
    winhttpcertcfg.exe -g -a %COMPUTERNAME%\IUSR_%COMPUTERNAME% -c LOCAL_MACHINE\My -s %WC_CERTNAME%
    SET WC_CERTNAME=""
    ECHO ON

    After that run

    winhttpcertcfg.exe -l -c LOCAL_MACHINE\My -s WildcatApp-XXXXX and ensure the permissions are set correctly for ASPNET and retry the page again after iisreset.

    Raj






    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    • Marked as answer by Pankaj Kohre Thursday, July 2, 2009 10:01 AM
    Thursday, July 2, 2009 9:31 AM
  • Hi Rajesh,


    Thanks for reply. I exported and reimported the certificate manually as you directed and it worked correctly. But let me mention here certificate should be exported with private key otherwise it will not work. Thanks again for providing the solution.

    Regards,
    Pankaj


    • Edited by Pankaj Kohre Thursday, July 2, 2009 10:01 AM Wrong formatting
    Thursday, July 2, 2009 10:01 AM