Unable to create AES cluster checkpoint on Server 2003

From: Michael Stangel (mstangel_at_AetherSystems.com)
Date: Thu, 25 Sep 2003 09:09:12 -0700

Greetings,

I'm using the AES algorithm on Windows Server 2003 ("")
and it works fine on a single node, but when I try to
create a checkpoint for my key container in the MS Cluster
system, I'm getting an error. Here's what's happening:

When I call ClusterResourceControl
(CLUSCTL_RESOURCE_ADD_CRYPTO_CHECKPOINT) it returns error
1168 (ERROR_NOT_FOUND). However, subsequent calls to
ClusterResourceControl
(CLUSCTL_RESOURCE_GET_CRYPTO_CHECKPOINTS) indicate that
the checkpoint exists. But when we try to fail over the
cluster, we discover that the key container has not been
replicated.

If I then call ClusterResourceControl
(CLUSCTL_RESOURCE_DELETE_CRYPTO_CHECKPOINT) it returns
error code 2 (ERROR_FILE_NOT_FOUND) but then subsequent
calls to ClusterResourceControl
(CLUSCTL_RESOURCE_GET_CRYPTO_CHECKPOINTS) indicate that
the checkpoint no longer exists.

Any ideas what could be going on here? The checkpoint
string that I'm passing is:

    L"24\\Microsoft Enhanced RSA and AES Cryptographic Provider\\[my_key_container_name]"

I've confirmed that the registry shows a CSP by this name
whose type is 24.