Error "The specified network password is not correct." or "The requested key container was not found."

From OPC Labs Knowledge Base

Symptoms

Cause

Resolution

In order to resolve the issue, give the Write permission to the MachineKeys folder under C:\ProgramData\Microsoft\Crypto\RSA, as follows.

Texts in parentheses are for German Windows.

  1. In Windows File Explorer, navigate to C:\ProgramData\Microsoft\Crypto\RSA.
  2. Right-click on the MachineKeys folder, and select the Properties (Eigenschaften) command.
  3. In the MachineKeys Properties (Eigenschaften von MachineKeys) dialog, switch to the Security (Sicherheit) tab.
  4. Press the Advanced (Erweitert) button.
  5. In the Advanced Security Settings for MachineKeys (Erweiterte Sicherheitseinstellungen für "MachineKeys") dialog, press the Change permissions (Berechtigungen ändern) button.
  6. Press the Disable inheritance (Vererbung deaktivieren) button, and confirm the default selection, which is to convert the inherited permissions into explicit permissions.
  7. Back in the Advanced Security Settings for MachineKeys (Erweiterte Sicherheitseinstellungen für "MachineKeys") dialog, select the row with permission entries for Everyone (Jeder), and press the Edit (Bearbeiten) button.
  8. In the Permission Entry for MachineKeys (Berechtigungseintrag für "MachineKeys") dialog, under the Basic permissions (Grundlegende Berechtigungen), enable the checkbox next to the Write (Schreiben) permission.
  9. Press OK to close the Permission Entry for MachineKeys (Berechtigungseintrag für "MachineKeys") dialog.
  10. Press OK to close the Advanced Security Settings for MachineKeys (Erweiterte Sicherheitseinstellungen für "MachineKeys") dialog.
  11. Press OK to close the MachineKeys Properties (Eigenschaften von MachineKeys) dialog.

More information

QuickOPC uses OPC Foundation code for certificate operations. The code makes temporary copies of PFX certificates with private keys in a key container, because all private keys used for cryptography operations must be in some key container. Write access to the container is therefore needed.

The recommended resolution may have security implications and it is up to you to assess their impact. QuickOPC, however, cannot work without the Write permission to the specified key container. The steps outlined in the solution give this permission to the Everyone group, because that is how it is set on "normal" Windows installations that we have observed. It might be possible to limit it to just the user(s) that are running the application.
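The following PowerShell script is an added example, not code from OPC Labs or the OPC Foundation. It reports who currently holds Write on MachineKeys and, with `-Grant`, adds Write for a single account instead of Everyone. The account name `CONTOSO\svc-quickopc` is a hypothetical placeholder, and the idea that a Write entry on this folder only is enough for QuickOPC is an untested assumption based on the paragraph above.

```powershell
# Added example: audit Write access on MachineKeys and optionally grant it to
# one account instead of Everyone. Run from an elevated PowerShell prompt.
param(
    # Hypothetical placeholder: the account that runs the QuickOPC application.
    [string]$Account = 'CONTOSO\svc-quickopc',
    # Without -Grant the script only reports and changes nothing.
    [switch]$Grant
)

$path  = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
$write = [System.Security.AccessControl.FileSystemRights]::Write
$acl   = Get-Acl -LiteralPath $path

# Record the current entries before touching anything.
$acl.Access |
    Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited |
    Format-Table -AutoSize

# True when an Allow entry for exactly this SID carries all Write bits.
# Only direct entries are checked; access gained through groups is not resolved.
function Test-WriteAllowed([System.Security.Principal.SecurityIdentifier]$Sid) {
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $Sid.Value -and
            $r.AccessControlType -eq 'Allow' -and
            ($r.FileSystemRights -band $write) -eq $write) { return $true }
    }
    return $false
}

# S-1-1-0 is the well-known SID for Everyone (Jeder), independent of UI language.
$everyone   = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
$accountSid = ([System.Security.Principal.NTAccount]$Account).Translate(
                  [System.Security.Principal.SecurityIdentifier])

"Everyone has Write: $(Test-WriteAllowed $everyone)"
"$Account has Write: $(Test-WriteAllowed $accountSid)"

if ($Grant -and -not (Test-WriteAllowed $accountSid)) {
    # Assumption: Write on this folder only, not inherited by existing key files.
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $accountSid, $write,
        [System.Security.AccessControl.InheritanceFlags]::None,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $path -AclObject $acl
    "Granted Write on $path to $Account"
}
```

Run it once without `-Grant` on an affected computer and on a working one to compare the two ACLs before changing anything.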

This approach works well on most new Windows installations, as the Write permission on the affected key container is already granted. Sometime in 2020, we started receiving reports from customers about the "The specified network password is not correct." error on some computers. It has not been determined so far why the default settings on these computers are different.

See also

https://stackoverflow.com/questions/22581811/invalid-provider-type-specified-cryptographicexception-when-trying-to-load-pri

https://docs.microsoft.com/en-US/troubleshoot/windows-server/windows-security/default-permissions-machinekeys-folders