In this case, a friend of mine was complaining that from some reason he was unable to sign documents on web site which requires to proof his identity with certificates stored on token. The client operating system was Windows 8. Instead of a popup for token pin, there was an error message (WinCAPICryptoProvider() - Error obtaining generating internal key store for PROV_RSA_FULL):
I was suspecting that something was wrong with user's certificate. Certmgr.msc and personal folder was showing his certificates, and all of them were having the private key. Since all of the certificates were stored on a token, I have deleted all the certificates from the personal certificates store. After reinserting the usb token, certificate propagation service has successfully copied certificates from the token into user's certificate personal store. I was hoping that the problem has been successfully solved, but the same message from internet explorer has popped out, and he was unable to sign the documents.
Next, I have checked the activex component. The web site for signing documents was using ActiveX component, and that component was installed and was not disabled in internet explorer. The web site was located in trusted site zone.
Now, before creating new user profile, and migrating all the documents and settings from the old to the new profile, I have decided to check the crypto folder. The location of this folder is in following path C:\Users\Username\AppData\Roaming\Microsoft\Crypto\RSA\User's SID. First, I have backed up User's SID folder, and after that deleted the folder from C:\Users\Username\AppData\Roaming\Microsoft\Crypto\RSA location.
And finally, when he accessed the web site to sign the documents there was a popup to enter the PIN from the token, and he was able to sign the documents. The case was successfully closed.
I was suspecting that something was wrong with user's certificate. Certmgr.msc and personal folder was showing his certificates, and all of them were having the private key. Since all of the certificates were stored on a token, I have deleted all the certificates from the personal certificates store. After reinserting the usb token, certificate propagation service has successfully copied certificates from the token into user's certificate personal store. I was hoping that the problem has been successfully solved, but the same message from internet explorer has popped out, and he was unable to sign the documents.
Next, I have checked the activex component. The web site for signing documents was using ActiveX component, and that component was installed and was not disabled in internet explorer. The web site was located in trusted site zone.
Now, before creating new user profile, and migrating all the documents and settings from the old to the new profile, I have decided to check the crypto folder. The location of this folder is in following path C:\Users\Username\AppData\Roaming\Microsoft\Crypto\RSA\User's SID. First, I have backed up User's SID folder, and after that deleted the folder from C:\Users\Username\AppData\Roaming\Microsoft\Crypto\RSA location.
And finally, when he accessed the web site to sign the documents there was a popup to enter the PIN from the token, and he was able to sign the documents. The case was successfully closed.
I must say that this is an excellent post, and I appreciate the details about Error obtaining generating internal key store for PROV_RSA_FULL. You expressly make reference to one of the issues raised during the 18 Years Scale discussion. Your arguments are so strong that I want to read more of your views. However, I'm looking for the arts and architecture assignment help service right now for a school assignment. I gain from this, and I finish my duty more swiftly. The vast material on the website is useful to all students.
ReplyDeleteThis article is very informative. I like it. Now you can visit it yoga classes in mirdif for more information.
ReplyDelete