0 votes

We have multiple servers in our Adaxes cluster. One of the servers is throwing an error of "Access is denied." before a login page even comes up. I looked at the app pool and several folders and didn't see anything different. What could be causing this?

    [CryptographicException: Access is denied. ]
    System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +43
    System.Security.Cryptography.Utils._GenerateKey(SafeProvHandle hProv, Int32 algid, CspProviderFlags flags, Int32 keySize, SafeKeyHandle& hKey) +0
    System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +575
    System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +139
    System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) +208
    Softerra.Adaxes.Web.Infrastructure.AccessControl.CryptoManager.CreateRsaAlgorithm() +130
    Softerra.Adaxes.Web.Infrastructure.AccessControl.CryptoManager.GetPublicKey() +26
    Softerra.Adaxes.Web.App.Core.Controllers.HomeController.Index(String configurationName, Boolean legacyRequest, String legacyPage) +1534
    lambda_method(Closure , ControllerBase , Object[] ) +247
    System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary2 parameters) +35
    System.Web.Mvc.Async.<>c.<BeginInvokeSynchronousActionMethod>b__9_0(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +39
    System.Web.Mvc.Async.WrappedAsyncResult2.CallEndDelegate(IAsyncResult asyncResult) +77
    System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +42
    System.Web.Mvc.Async.<>cDisplayClass11_0.<InvokeActionMethodFilterAsynchronouslyRecursive>b0() +80
    System.Web.Mvc.Async.<>cDisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b2() +396
    System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +42
    System.Web.Mvc.Async.<>cDisplayClass3_6.<BeginInvokeAction>b4() +50
    System.Web.Mvc.Async.<>cDisplayClass3_1.<BeginInvokeAction>b1(IAsyncResult asyncResult) +188
    System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +38
    System.Web.Mvc.<>c.<BeginExecuteCore>b__152_1(IAsyncResult asyncResult, ExecuteCoreState innerState) +29
    System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +73
    System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +52
    System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +39
    System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +38
    System.Web.Mvc.<>c.<BeginProcessRequest>b__20_1(IAsyncResult asyncResult, ProcessRequestState innerState) +43
    System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +73
    System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +38
    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +431
    System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +75
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +158


by (2.3k points)

1 Answer

0 votes
by (288k points)
selected by
Best answer

Hello Mark,

According to the message, the issue occurs because the account of the application pool used for Adaxes Web Interface does not have access to encryption keys. To remedy the issue:

  1. Launch an elevated command prompt.
  2. Navigate to the folder C:\Windows\Microsoft.NET\Framework64\v4.0.30319\.
  3. Execute the following command:
    aspnet_regiis.exe -pc Softerra.Adaxes.WebUI.CryptKeys
  4. Execute the following command:
    aspnet_regiis.exe -pa Softerra.Adaxes.WebUI.CryptKeys "Authenticated Users"
  5. Restart IIS and check whether the issue persists.
0

Hello Mark,

It looks like the file was not properly created and thus the permissions cannot be granted. To remedy the issue, please do the following:

  1. On the file system, navigate to the folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.
  2. Find a file whose name starts with cb1d635e0f5a790c285b468d934b0aab.
  3. Launch an elevated command prompt.
  4. In the command prompt, navigate to the folder C:\Windows\Microsoft.NET\Framework64\v4.0.30319.
  5. Execute the following command:
    aspnet_regiis.exe -pz Softerra.Adaxes.WebUI.CryptKeys
  6. On the file system, check whether the file whose name starts with cb1d635e0f5a790c285b468d934b0aab still exists.
  7. If it does, remove the file manually or just move it to a different location.
  8. Refresh the Web Interface page.
0

Ran the command under an elevated prompt and got this message: image.png The file was still there. In order to remove the file, I had to take ownership of the file to remove it. I refreshed the page and got this message: image.png I attempted to run the command again and got the same error.

0

Hello Mark,

It looks like the issue occurs because the default permissions granted to the account under which the application pool runs over the file are not enough. To remedy the issue, please do the following:

  1. Make sure that the application pool used for Adaxes Web Interface runs under the Network Service identity.
  2. Launch an elevated command prompt.
  3. Execute the following command:
    aspnet_regiis.exe -pa Softerra.Adaxes.WebUI.CryptKeys "NetworkService" -full
  4. Check whether the issue persists.
0

IIS: image.png

Command: image.png

Web Interface Error: image.png

Should I just re-install the web configuration part? The console seems to be fine.

0

Hello Mark,

Unfortunately, there is no possibility to re-install only the Web Interface component; it can only be done for all the components installed on a computer. If it is convenient, please give the re-install a try.
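
To confirm what the `aspnet_regiis.exe -pa` commands in this thread actually granted, the following added example (not part of the original posts and not Softerra's code) reads the ACL of the key file behind the container and reports the access held by Network Service and Authenticated Users. It assumes the default MachineKeys folder and the file name prefix quoted in the thread, and it must be run from an elevated Windows PowerShell prompt.

```powershell
# Added example (not from the thread): audit the ACL on the RSA machine key file.
$keyDir     = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
$filePrefix = 'cb1d635e0f5a790c285b468d934b0aab'   # file name prefix quoted in the thread

# Well-known SIDs, so the check also works on localized Windows builds.
$principals = [ordered]@{
    'Network Service'     = 'S-1-5-20'
    'Authenticated Users' = 'S-1-5-11'
}
$read = [System.Security.AccessControl.FileSystemRights]::Read
$full = [System.Security.AccessControl.FileSystemRights]::FullControl

# -Force is needed because key files carry the System attribute.
$keyFiles = @(Get-ChildItem -LiteralPath $keyDir -Filter "$filePrefix*" -Force -ErrorAction Stop)
if ($keyFiles.Count -eq 0) {
    Write-Warning "No key file starting with $filePrefix in $keyDir (container missing or deleted)."
}

foreach ($file in $keyFiles) {
    try {
        $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
    } catch {
        # Same symptom as in the thread, where ownership had to be taken before the file could be removed.
        Write-Warning "Cannot read ACL of $($file.Name): $($_.Exception.Message)"
        continue
    }
    Write-Output "File : $($file.Name)"
    Write-Output "Owner: $($acl.Owner)"

    # Request explicit and inherited rules, with identities expressed as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($name in $principals.Keys) {
        $allowed = @($rules | Where-Object {
            $_.IdentityReference.Value -eq $principals[$name] -and
            $_.AccessControlType -eq 'Allow'
        })
        $level = 'no access'
        foreach ($rule in $allowed) {
            if (($rule.FileSystemRights -band $full) -eq $full) {
                $level = 'full control'
            } elseif ($level -eq 'no access' -and ($rule.FileSystemRights -band $read) -eq $read) {
                $level = 'read'
            }
        }
        Write-Output ("  {0,-20}: {1}" -f $name, $level)
    }
}
```

Network Service is a member of Authenticated Users, so a grant to Authenticated Users lets every authenticated account on the server read the key, not just the application pool identity. The script reports only entries for these two SIDs and does not resolve access inherited through other groups such as Administrators.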
