Keyset does not exist

This article explains how to resolve the following error, which appears when attempting to run eSync:

"Error System.Security.Cryptography.CryptographicException: Keyset does not exist"

If the application pool runs under a domain user identity and that user is not a member of any local user group on that machine, the user will not have permission to read the certificate from the store within the registry. The steps below locate the certificate's private key file and grant that user read access to it.

1. Find the thumbprint for the client key. To do this, click:
     Start >> Run >> MMC >> Add/Remove Snap-in >> Certificates >> Personal >> Certificates >> corresponding client key >> Thumbprint

2. Download 'FindPrivateKey.exe' (see the MSDN FindPrivateKey reference listed below).

3. Run the following command using the thumbprint you obtained in Step 1. The output is the full path of the private key file, which is needed in Step 4.

    FindPrivateKey.exe My LocalMachine -t "<thumbprint>" -a

4. Give read access to the certificate's private key file using the cacls.exe tool, which resides in the System32 folder. To accomplish this, run the command below with the file path returned in Step 3 and the application pool user:
     cacls.exe "<path to private key file>" /E /G "<domain\user>":R
For example:
     cacls.exe "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b4680fe9a4c72acb865b942988ce42ee_dba9eec3-8e6b-4ec5-8043-2044351b485e" /e /g "Indymacdev\EktronCMS400":R

  MSDN: FindPrivateKey

  MSDN: Make X.509 Certificates Accessible to WCF
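
Steps 1 through 4 above can also be carried out in one elevated Windows PowerShell session. This is an added example, not part of the original article or the vendor's tooling: it uses icacls.exe in place of cacls.exe and reads the key container name from the certificate instead of running FindPrivateKey.exe. It assumes a CSP-backed RSA key stored under MachineKeys; `<thumbprint>` and `<DOMAIN\AppPoolUser>` are placeholders.

```powershell
# Added example. Run from an elevated Windows PowerShell prompt.
# Placeholders (assumptions): replace both values before running.
$Thumbprint = '<thumbprint>'            # value from Step 1
$Account    = '<DOMAIN\AppPoolUser>'    # application pool identity

# Thumbprints copied from the MMC dialog often carry spaces or an invisible
# leading character; keep only the hex digits.
$Thumbprint = $Thumbprint -replace '[^0-9A-Fa-f]', ''

# Step 1: locate the certificate in the LocalMachine\My (Personal) store.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint '$Thumbprint' in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw 'The certificate has no associated private key.' }

# Steps 2-3: resolve the private key file (the path FindPrivateKey.exe -a prints).
# Only CSP-backed keys expose CspKeyContainerInfo; CNG keys are stored elsewhere.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
if (-not $container) { throw 'Key is not CSP-backed; this example does not cover it.' }
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key file not found: $keyFile" }

# Record the ACL as it is before the change.
icacls.exe $keyFile

# Step 4: grant read-only access to the application pool identity, nothing broader.
icacls.exe $keyFile /grant "${Account}:R"
if ($LASTEXITCODE -ne 0) { throw "icacls.exe failed with exit code $LASTEXITCODE." }

# Verify: list the access entries that now apply to that account.
(Get-Acl -LiteralPath $keyFile).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```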