Creating an RSA Key container sometimes it works sometimes it does not

Question

For the past few days I've been baffled by a weird problem.

When trying to create an RSA Key Container like below (from a cmd admin window):

aspnet_regiis -pc "MyKeyContainer" -exp

I get the following error:

Creating RSA Key container... The RSA key container could not be opened. Failed!

This seems to work fine in some servers and fail in some others and for the life of me I cannot figure out why.

Anyone has any ideas?

Answer 1

I have had this exact issue occur and was able to fix it. To prevent the following error:

"Creating RSA Key Container... The RSA key container could not be opened. Failed!"

message upon creating a new key, you will 1st want to set up permissions on the following directory where the machine keys reside after being creating:

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

This is the directory where the machine keys from the command line below get created and stored. The issue is, even as an administrator you may not have access to create and manipulate the keys by default. The easiest thing to do is allow the 'Administrators' group of the machine have 'Modify' permissions to this directory.

Right-click on the 'MachineKeys' directory and ensure the Administrators group has the proper access. See the following post I wrote which is comprehensive on this process: Encrypting Configuration Sections In .NET

One other note, even though the error is produced, technically the key still gets created but is in an invalid state. After fixing the permissions, it's best to delete the key using the -pz switch and then re-adding using the -pc switch again, making sure the error does not get displayed and you get a Succeeded! message.

Answer 2

Take a look at the following blog post. Seems like a permission issue. You could also try running this command as administrator.