Re: "Keyset does not exist" after change password
From: danc (anonymous_at_discussions.microsoft.com)
Date: 02/26/04
- Next message: Shawn Corey [MSFT]: "Re: Additional stores in CAPICOM IsValid"
- Previous message: lelteto: "Re: DES and Random number"
- In reply to: Ryan Menezes [MSFT]: "Re: "Keyset does not exist" after change password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Feb 2004 10:51:05 -0800
Ryan,
Thanks for the post. I am checking if this is an NT 4 domain. However the desktop the application is running on is Windows 2000 SP1. Do you know if the MasterKeyLegacyNt4Domain fix will also work on that OS?
Incidentally, I am not using the DPAPI--I am using the CryptoAPI directly. Also, my app is the only one loosing its keys. For example, if a user saves their password in dial-up networking, they don't loose it (I belive DUN also stores passwords using a private key that is not accessible to other users).
Dan
----- Ryan Menezes [MSFT] wrote: -----
This is most likely related to DPAPI not being able to decrypt the container
data.
Is this a Windows NT4.0 domain?
Please lookup the following KB articles
http://support.microsoft.com/default.aspx?scid=kb;en-us;331333
http://support.microsoft.com/default.aspx?kbid=309408
Thanks,
Ryan Menezes[MS]
This posting is provided "AS IS" with no warranties, and confers no rights
"danc" <anonymous@discussions.microsoft.com> wrote in message
news:813C425B-B898-47D9-BE63-EB958738A058@microsoft.com...
> I am reposting this question in a slightly different way hoping that
somebody has experienced this before...
>> My customer changes their domain password as follows:
> 1. logs onto network
> 2. Ctrl+Alt+Del, choosing Change password tab
> 3. Changes the password
> 4. Logs off computer and re-logs on using same account
> 5. My application then returns "Keyset does not exist" when it calls
CryptAcquireContext to open my keyset.
>> Here is relevant parts of my code:
>> // Attempt to acquire a context with the key container
> CString m_KeyContainerName = "MyAppsContainer";
> HCRYPTPROV m_hCsp;
> if ( !::CryptAcquireContext( &m_hCsp, m_KeyContainerName,
MS_ENHANCED_PROV, PROV_RSA_FULL, 0 ) ) {
> // Could not find the key container.
> // Try to create it now
> if ( !::CryptAcquireContext( &m_hCsp, m_KeyContainerName,
MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET ) ) {
> // Could not create a key container
> }
> }
>> Whenever the user changes their domain password, the first call to
CryptAcquireContext(0) returns 0x80090016 "keyset does not exist" and the
call to CryptAcquireContext( CRYPT_NEWKEYSET) returns 0x8009000F "object
already exists" (which does not make sense since the previous call said it
didn't exist, assuming the object in question is the keyset). The way the
application is designed, each user is not an admin and gets his/her own
unique key container.
>> Any help would be greatly appreciated.
>> Thanks in advance,
>> Dan
>
- Next message: Shawn Corey [MSFT]: "Re: Additional stores in CAPICOM IsValid"
- Previous message: lelteto: "Re: DES and Random number"
- In reply to: Ryan Menezes [MSFT]: "Re: "Keyset does not exist" after change password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
