HTTP 500 Error ‘Keyset does not exist’
Error: Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=6.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: System.Security.Cryptography.CryptographicException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #61396B66Detail: -2147220970 System.Security.Cryptography.CryptographicException: Microsoft Dynamics CRM has experienced an error.
Keyset does not exist Not available Not available https://crmwebsite.domain.com/Handlers/FederationMetadata.ashx /Handlers/FederationMetadata.ashx
Event log entry
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 14/08/2023 1:30:07 PM
Event time (UTC): 14/08/2023 3:30:07 AM
Event ID: 8f2981830a2a4adeb9df5df88a50fb76
Event sequence: 50
Event occurrence: 13
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT-1-133364560657654137
Trust level: Full
Application Virtual Path: /
Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\
Machine name: XXXXXXX
Process information:
Process ID: 5164
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
Exception type: CryptographicException
Exception message: Invalid provider type specified.
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)
at System.IdentityModel.EnvelopedSignatureWriter.ComputeSignature()
at System.IdentityModel.EnvelopedSignatureWriter.OnEndRootElement()
at System.IdentityModel.Metadata.MetadataSerializer.WriteEntityDescriptor(XmlWriter inputWriter, EntityDescriptor entityDescriptor)
at System.IdentityModel.Metadata.MetadataSerializer.WriteMetadata(Stream stream, MetadataBase metadata)
at Microsoft.Crm.Authentication.Claims.MetadataGenerator.GenerateCrmFederationMetadata(Stream stream)
at Microsoft.Crm.Application.Components.Handlers.FederationMetadata.ProcessRequestInternal(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Request information:
Request URL: https://xxxxxx/Handlers/FederationMetadata.ashx
Request path: /Handlers/FederationMetadata.ashx
User host address: 192.168.51.9
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE
Thread information:
Thread ID: 51
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: True
Stack trace: at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)
at System.IdentityModel.EnvelopedSignatureWriter.ComputeSignature()
at System.IdentityModel.EnvelopedSignatureWriter.OnEndRootElement()
at System.IdentityModel.Metadata.MetadataSerializer.WriteEntityDescriptor(XmlWriter inputWriter, EntityDescriptor entityDescriptor)
at System.IdentityModel.Metadata.MetadataSerializer.WriteMetadata(Stream stream, MetadataBase metadata)
at Microsoft.Crm.Authentication.Claims.MetadataGenerator.GenerateCrmFederationMetadata(Stream stream)
at Microsoft.Crm.Application.Components.Handlers.FederationMetadata.ProcessRequestInternal(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Resolution
Make sure the installed certificate has the correct private key.
Use certutil to check the certificate. In the dump below, certutil reports Encryption test FAILED for this certificate's key:
================ Certificate 3 ================
================ Begin Nesting Level 1 ================
Element 3:
Serial Number: XXXXXXXXXXX
Issuer: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
NotBefore: 28/07/2023 10:00 AM
NotAfter: 27/08/2024 9:59 AM
Subject: CN=XXXXXXXXX
Non-root Certificate
Cert Hash(sha1): XXXXXXXXXX
----------------  End Nesting Level 1  ----------------
Key Container = PfxContainer
Provider = PfxProvider
Encryption test FAILED
CertUtil: -dump command completed successfully.
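A complementary check from PowerShell, added here as an example and not part of the original post: it opens the installed certificate's private key through the same X509Certificate2.PrivateKey getter that fails in the stack trace above, and reports the provider and key container. The LocalMachine\My store location, the function name Test-CertPrivateKey and the thumbprint placeholder are assumptions.

```powershell
# Added example, not from the original post. Run in an elevated Windows
# PowerShell 5.1 session on the CRM server so the .NET Framework code path
# matches the one in the event log. It runs as the logged-on administrator,
# not as NT AUTHORITY\NETWORK SERVICE, so it tests the key and its provider,
# not that account's access to the key.
function Test-CertPrivateKey {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # Strip spaces and invisible characters picked up when copying a thumbprint.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $cert  = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) { throw "Certificate $clean not found in LocalMachine\My" }

    $result = [ordered]@{
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        KeyOpened     = $false
        Provider      = $null
        KeyContainer  = $null
        MachineStore  = $null
        Error         = $null
    }

    if (-not $cert.HasPrivateKey) {
        $result.Error = 'Certificate is installed without a private key'
    } else {
        try {
            # Same property getter that throws in the stack trace.
            $key = $cert.PrivateKey
            if ($null -eq $key) { throw 'PrivateKey returned null' }
            $info = $key.CspKeyContainerInfo
            $result.KeyOpened    = $true
            $result.Provider     = '{0} (type {1})' -f $info.ProviderName, $info.ProviderType
            $result.KeyContainer = $info.KeyContainerName
            $result.MachineStore = $info.MachineKeyStore
        } catch {
            # Surface the underlying CryptographicException message.
            $result.Error = $_.Exception.GetBaseException().Message
        }
    }
    [pscustomobject]$result
}

# Placeholder: replace with the thumbprint of the certificate CRM is using.
Test-CertPrivateKey -Thumbprint '<THUMBPRINT-PLACEHOLDER>' | Format-List
```

A result with KeyOpened set to False and the same exception message as the event log confirms that the installed key, rather than the CRM configuration, is what needs fixing.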