none
ADFS RapidrecreationTool restore error RRS feed

  • Question

  • Hi there,
    I Need help with the ADFSRapidrecreationtool.

    i receive the following error when try to restore an AD FS V4 farm with ADFSRapidRecreationTool (i've used this tool a lot of time without problem before)

    error:
    restore-ADFS : Key not valid for use in specified state

    The trace log files referred to the following event:
    Failed to update certificate permissions.

    i've also checked that the Adfs service account and the adfssrv local account have the correct permissions to the private key for my certificates

    Below, the last lines of trace file:
    [15:29:36] [INFO] Microsoft.IdentityServer.Deployment.Core.Result{Context=DeploymentSucceeded,Message=The configuration completed successfully.}
    [15:29:36] [INFO] Attempting to grant access to the following key User NT Service\adfssrv : storeName My : storeLocation LocalMachine : cert thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxx
    [15:29:36] [INFO] Detected security key format CNG
    [15:29:36] [ERROR] Failed to update certificate permissions
    [15:29:36] [ERROR] System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.

    at System.Security.Cryptography.NCryptNative.GetProperty(SafeNCryptHandle ncryptObject, String propertyName, CngPropertyOptions propertyOptions, Boolean& foundProperty)
    at System.Security.Cryptography.CngKey.GetProperty(String name, CngPropertyOptions options)
    at Microsoft.ADFSRapidRecreationTool.Crypto.X509KeyManagement.AddAclCngKey(Logger log, X509Certificate2 certificate, CryptoKeyAccessRule ACL)
    at Microsoft.ADFSRapidRecreationTool.Crypto.X509KeyManagement.GrantPrivateKeyPermissions(Logger log, StoreName storeName, StoreLocation storeLocation, String certThumbprint, String account)

    Someone have already see this error ?
    any solution ?
    Thanks a lot for your help

    Wednesday, June 10, 2020 3:13 PM

All replies