I ran across an interesting problem today at a customer that I thought I’ll share with you. The background to the problem is that a SharePoint server 2007 farm needed to be moved to another AD (don’t ask why it was there in the first place…) and since we needed new service accounts the farm was taken down, servers where moved and then the farm was installed again on the same servers. So far no problem at all and the installation ran successfully. But when I looked in the event viewer I saw that every minute on all servers in the farm I got the following Event ID 6482 every minute.
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchAdminSharedWebServiceInstance (6b98c51f-116c-49f0-9aa6-4207555ed2f8).
Reason: The handle is invalid.
Techinal Support Details:
System.Security.Cryptography.CryptographicException: The handle is invalid.
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean
andomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at Microsoft.SharePoint.Utilities.CertificateManager.CreateSelfSignedSslCertificate(CspParameters parameters, X500DistinguishedName name, DateTime expiresAfter)
at Microsoft.SharePoint.Administration.SPProvisioningAssistant.ProvisionIisWebSite(String serverComment, String[] serverBindings, String[] secureBindings, AuthenticationMethods authenticationMethods, String[] authenticationProviders, String path, AccessFlags accessFlags, String applicationName, String applicationPoolId, String[] scriptMaps, String sslCertificateSubjectName)
at Microsoft.SharePoint.Administration.SPMetabaseManager.ProvisionIisWebSite(String serverComment, String[] serverBindings, String[] secureBindings, Int32 authenticationMethods, String[] authenticationProviders, String path, Int32 accessFlags, String applicationName, String applicationPoolId, String[] scriptMaps, String sslCertificateSubjectName)
at Microsoft.Office.Server.Administration.SharedWebServiceInstance.Synchronize()
at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
After some troubleshooting, googling and talking to the windows team I found that the folder:
C:Documents and SettingsAll UsersApplication DataMicrosoftCryptoRSAMachineKeys most likely had the wrong permissions. One of the files located in the folder didn’t seemed to like the move and when trying to look at the permissions I got this:
Image may be NSFW.
Clik here to view.
So, what I did was that I gave the ownership of this folder to the local administrators group which is done in the following way:
Click Ok on the warning that is shown above.
Click on Advanced and then on the Owner tab.
Select administrators, and click Ok until all windows are closed
Open up the security dialogue again and add the local administrators group and click ok. Note that if you have moved the server from one AD to another you will most likely see the old AD account in the security list which should be deleted.
You should add the local Administrator group to the MachineKeys folder above an make sure that it inherits the permissions.
This should solve the problem for you.