Re: Security Error
From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: Sat, 18 Dec 2004 08:08:58 -0800
where is the client certificate and key stored? in the local machine
account or the administrator account? If it is the former, you can add user
permissions to this key. If it is the latter, this is not possible as the
user DPAPI protection will block the key from being decrypted.
-- David B. Cross [MS] -- This posting is provided "AS IS" with no warranties, and confers no rights. Top Whitepapers: Auto-enrollment whitepaper: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx Best Practices for implementing Windows Server 2003 PKI: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx Troubleshooting Certificate Status and Revocation whitepaper: http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx Windows Server 2003 web enrollment and troubleshooting guide: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx Windows Server 2003 web enrollment and troubleshooting guide: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx "InsDivision_6" <InsDivision6@discussions.microsoft.com> wrote in message news:F1EF2E62-291C-4058-A695-63B07E61B27E@microsoft.com... > Well... I tried that. WinHttpCertCfg returns message: > > NT AUTHORITY\SYSTEM has already access. . . > > However the problem remains. I have to run the program as a part of a > service that runs under local SYSTEM account. As oon as I perform login > using account with Administrator rights, everything works. > > Thanks for reply anyway. > > "Anand Abhyankar [MS]" wrote: > >> Looks like the LocalSystem account does not have access to the private >> key. >> Check: >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/winhttpcertcfg_exe__a_certificate_configuration_tool.asp >> >> you can also get more info on the error >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/error_messages.asp >> >> -- >> Thanks, >> Anand Abhyankar [MS] >> >> ---- >> This posting is provided "AS IS" with no warranties, and confers no >> rights. >> >> >> "InsDivision_6" <InsDivision6@discussions.microsoft.com> wrote in message >> news:202E076F-34A5-4F97-A06D-D1A10D21BC2F@microsoft.com... >> > Trying to execute HTTPS request via WinHttp. Request requires Client >> > Certificate. Everything works OK, when the program executes under >> > Administrator account. Fails under LocalSystem account with error >> > "Securit >> > Error" 12175 while sending HTTP request. What's wrong here? Is it >> > account-related or certificate-related problem? What is the best way >> > to >> > fix >> > that? Switching service (program will work, as a part of the service) >> > to >> > Administrator account is not desireable option. >> > >> > Thank you. >> >> >>