You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed.
https://github.com/microsoft/service-fabric/issues/773
It appears there may be 2 issues here:
- the certificate's private key is not ACL'd to NetworkService; to fix this, please open the Management Console (start -> run -> mmc), navigate to 'Local Computer Certificates' (file -> add snap-in -> certificates, local computer) and examine the private key access list (right click on the certificate, 'All tasks' -> Manage private key..). If NetworkService is not listed: Add -> %computername%\Network Service -> 'check', followed by ok. (You may need to replace %computername% with the actual host name.)
- the certificate is issued by an unsupported provider. The error (0x80090014/NTE_BAD_PROV_TYPE) indicates that the certificate was issued by a CNG key provider, which the SF runtime does not currently support. Note that ACLing errors are not fatal, and should not be the cause of the cluster's failure to start.
To confirm that is the case, please run the following, from a PowerShell prompt:
cd Cert:\LocalMachine\My
certutil -v -store my | findstr -i provider
If the output contains something like this:
Provider = Microsoft Software Key Storage Provider
then indeed this is a CNG certificate (issued with a Key Storage Provider).
I presume the certificate was created with the New-SelfSignedCertificate PowerShell cmdlet, which, unless otherwise specified, will use a CNG provider. If that is the case, and it is possible for you to create another certificate to be used for this cluster, you may try the following:
New-SelfSignedCertificate -NotBefore '' -NotAfter '' -DnsName -CertStoreLocation Cert:\LocalMachine\My -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -KeyExportPolicy ExportableEncrypted -Type Custom -Subject ""
Note this is just an example - the complete list of Crypto API Cryptographic Service Providers can be found here.
We are addressing this issue in an upcoming release.
Thanks.
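
The `findstr` filter in the reply prints provider lines without saying which certificate each belongs to. The following is an added example, not part of the original reply or of Service Fabric: it groups `certutil -v -store my` output per certificate and flags CNG providers. The function name `Get-CertKeyProvider` is hypothetical, the sample text is constructed, and the parser assumes certutil's usual layout (a `===== Certificate N =====` header, a `Cert Hash(sha1):` line, and a `Provider =` line).

```powershell
# Added example: attribute each "Provider =" line of certutil output to a certificate.
function Get-CertKeyProvider {
    # Not Mandatory on purpose: certutil output contains blank lines, which a
    # mandatory [string[]] parameter would reject.
    param([string[]]$CertutilLines)

    $current = $null
    foreach ($line in $CertutilLines) {
        if ($line -match '^=+\s*Certificate\s+\d+\s*=+') {
            # A new certificate block starts: emit the previous record.
            if ($null -ne $current) { $current }
            $current = [pscustomobject]@{ Thumbprint = $null; Provider = $null; IsCng = $null }
        }
        elseif ($null -eq $current) { continue }
        elseif ($line -match '^\s*Cert Hash\(sha1\):\s*(.+)$') {
            # Some builds print the hash as spaced hex pairs; normalise it.
            $current.Thumbprint = ($Matches[1] -replace '\s', '').ToUpperInvariant()
        }
        elseif ($line -match '^\s*Provider\s*=\s*(.+?)\s*$') {
            $name = $Matches[1]
            $current.Provider = $name
            # Heuristic (assumption): CNG key storage providers are recognised by name.
            $current.IsCng = $name -match 'Key Storage Provider|Platform Crypto Provider'
        }
    }
    # Certificates without a private key keep Provider and IsCng as $null.
    if ($null -ne $current) { $current }
}

# Constructed sample input (not real certutil output from any host).
$sample = @'
================ Certificate 0 ================
Cert Hash(sha1): 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33
  Provider = Microsoft Software Key Storage Provider

================ Certificate 1 ================
Cert Hash(sha1): 0123456789abcdef0123456789abcdef01234567
  Provider = Microsoft Enhanced RSA and AES Cryptographic Provider

================ Certificate 2 ================
Cert Hash(sha1): ffeeddccbbaa99887766554433221100ffeeddcc
'@ -split "`r?`n"

Get-CertKeyProvider $sample | Format-Table -AutoSize
# On a cluster node: Get-CertKeyProvider (certutil -v -store my) | Where-Object IsCng
```

Compare the flagged thumbprints with the certificate thumbprint configured for the cluster to see whether the cluster certificate is one of the CNG-backed ones.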