You cannot send or receive encrypted Message Queuing messages after you upgrade a computer from Windows XP to Windows Vista

You cannot send or receive encrypted Message Queuing messages after you upgrade a computer from Windows XP to Windows Vista

Article ID : 952569
Last Review : May 22, 2008
Revision : 1.0

SYMPTOMS

After you upgrade a computer from Windows XP to Windows Vista, you cannot send or receive encrypted Microsoft Message Queuing, also known as MSMQ, 4.0 messages. The attempts to send or to receive encrypted Message Queuing messages fail. Additionally, you receive the following error message:

0x80090016 The key container could not be opened.

Back to the top

CAUSE

This problem occurs because the Message Queuing service is unable to access the machine key files that are required by the CryptAcquireContext function. The Message Queuing service in Windows XP runs under the context of the Local System account. The Message Queuing service in Windows Vista runs under the context of the Network Service account. However, the Network Service account does not have the necessary rights to access the machine key files that are required by the CryptAcquireContext function.

Back to the top

RESOLUTION

To resolve this problem, follow these steps:

1. Grant the Network Service account the Full Control permission to the required machine key files. To do this, follow these steps:

a. Log on to the computer that is running Windows Vista by using an account that is a member of the local Administrators group.
b. In Windows Explorer, click Folder and Search Options on the Organize menu.
c. In Folder Options, click the View tab, click the Show hidden files and folders option, and then click OK.
d. Locate the drive: ProgramData Microsoft Crypto RSA MachineKeys folder.
e. Locate the files that begin with the following:

• 229560ff226d803edae6709d990da074
• db31d639599ec9ead75c903166331b31
f. Grant the Network Service account the Full Control permissions to these files. To do this, follow these steps:

1. Right-click the file, and then click Properties.
2. Click the Security tab.
User If you are prompted for an administrator password or for a confirmation, type the password or click Continue.
3. Click Edit, click Add, type Network Service, click Check Names, and then click OK.
4. In the Group or user names list, click Network Service.
5. Click to select the Allow check box that is next to the Full Control permission, and then click OK.
6. Click OK.
2. Renew cryptographic keys for Message Queuing. To do this, follow these steps:

a. Click Start, click Run, type compmgmt.msc in the Open box, and then click OK.
User If you are prompted for an administrator password or for a confirmation, type the password or click Continue.
b. In the Computer Management console, expand Services and Applications, right-click Message Queuing, and then click Properties.
c. In the Message Queuing Properties dialog box, click the Service Security tab, and then under Cryptographic keys, click Renew.
d. A warning message will be displayed to indicate that received messages may be encrypted by using a cryptographic key that differs from the one that is used on the computer. You will be unable to read this kind of message. You will be asked whether you want to continue. If it is acceptable, click Yes. If it is unacceptable, click No, and then renew the cryptographic key at some other time.

Back to the top


APPLIES TO
• Microsoft Message Queuing 4.0
• Windows Vista Business
• Windows Vista Business 64-bit Edition
• Windows Vista Enterprise
• Windows Vista Enterprise 64-bit Edition
• Windows Vista Home Basic
• Windows Vista Home Basic 64-bit Edition
• Windows Vista Home Premium
• Windows Vista Home Premium 64-bit Edition
• Windows Vista Ultimate
• Windows Vista Ultimate 64-bit Edition

Back to the top

Keywords: 
kbexpertiseadvanced kbtshoot kbprb KB952569

Back to the top

 

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image