Regresar
-
Título
Error "Key not valid for use in specified state" when trying to log in to the application server -
Descripción
When attempting to log in to the Application Server, an error is thrown. The following message is present in the logs:
"[System.Security.Cryptography.CryptographicException] Key not valid for use in specified state."
-
Causa
The app pool for the site does not have sufficient rights to the private key of the token certificate. -
Resolución
There are two known root causes at this time.
SOLUTION 1:
Ensure that when the Certificate was imported onto the Web Server, the option "Mark this key as Exportable" was selected.
SOLUTION 2:
Grant the necessary rights to the application pool using the Certificates snap-in under the Microsoft Management Console.
- Open the Microsoft Management console (type "MMC" in the Start Menu).
- Under "Certificates (Local Computer)" select "Personal" and then "Certificates". (Please see additional instructions below if "Certificates" is not present).
- Right-click on the certificate for the Application Server and select "All Tasks > Manage Private Keys..."
- Add the Read permission for the application pool.
If the "Certificates (Local Computer)" option is not present in MMC, follow these steps to add it:
- Open the File menu and select "Add/Remove Snap-in".
- From the "Available snap-ins" list add "Certificates".
- Set the snap-in to manager certificates for "Computer account".
- On the Select Computer screen select "Local computer".
- Click on "Finish".