Sitecore – System.Security.Cryptography.CryptographicException

All we need is an easy explanation of the problem, so here it is.

Hi and thank you for your help. We’re trying to keep a Sitecore site up and running on a WS 2008 R2 Standard server but keep running into the following exception:

System.Security.Cryptography.CryptographicException

The site is set up to run in its own App Pool with the 2.0 framework
version selected and integrated pipeline mode.

The site will run fine for a few minutes but then the app pool ends up
being stopped with the following details:

“Application pool ‘######’ is being automatically disabled due to a
series of failures in the process(es) serving that application pool.”

Checking the Application log show the following:

An unhandled exception occurred and the process was terminated.

Application ID: /LM/W3SVC/4/ROOT

Process ID: 5156

Exception: System.Security.Cryptography.CryptographicException

Message: The system cannot find the path specified.

StackTrace: at
System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32
hr) at System.Security.Cryptography.SafeKeyHandle._FreeHKey(IntPtr
pKeyCtx) at
System.Security.Cryptography.SafeKeyHandle.ReleaseHandle() at
System.Runtime.InteropServices.SafeHandle.InternalFinalize() at
System.Runtime.InteropServices.SafeHandle.Dispose(Boolean disposing)
at System.Runtime.InteropServices.SafeHandle.Finalize()

A tip on one site I found said to make sure that the account that the site is running under is a member of the Cryptographic Operators group which I did. Sadly the site continued to fail.

Any help would be appreciated. Thank you!

EDIT

After I implemented the first answer below I took another look at the server Application logs and it looks like every time the app pool goes down the following warning happens first:

Windows detected your registry file is still in use by other
applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function
properly afterwards.

Event 1530, User Profile Service DETAIL – 2 user registry handles
leaked from
\Registry\User\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965:
Process 3260
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965
Process 3260
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965\Software\Policies\Microsoft\SystemCertificates

And another example:

Windows detected your registry file is still in use by other
applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function
properly afterwards.

DETAIL – 13 user registry handles leaked from
\Registry\User\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965:
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965\Software\Microsoft\SystemCertificates\TrustedPeople
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965\Software\Microsoft\SystemCertificates\trust
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965\Software\Microsoft\Windows
NT\CurrentVersion Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965\Software\Policies\Microsoft\SystemCertificates
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965\Software\Microsoft\SystemCertificates\Root
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965\Software\Microsoft\SystemCertificates\My
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965\Software\Microsoft\SystemCertificates\CA
Process 5228
(\Device\HarddiskVolume3\Windows\System32\inetsrv\w3wp.exe) has opened
key
\REGISTRY\USER\S-1-5-82-3231641130-1035467585-39029555-2466166849-1382764965\Software\Microsoft\SystemCertificates\Disallowed

How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

This might help: Running Sitecore 6 on Windows 7′S IIS.

It basically says to add this in your global.asax:

public void Application_Start() {
  System.Security.Cryptography.RSACryptoServiceProvider.UseMachineKeyStore = true;
  System.Security.Cryptography.DSACryptoServiceProvider.UseMachineKeyStore = true;
}

Method 2

Setting up the application pool to 4.0 framework fixed the issue.

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply