Closed lastbuilders closed 7 years ago
So it works on one machine, but not another? Sounds like an environmental issue.
Thanks Brock,
I was thinking environmental too. I am wondering is there something else I am missing that could cause this behaviour or are there any troueshooting utilities I could use to investigate it further?
Regards, Barry
Nothing comes to mind, sorry.
Hi Brock, Thanks for getting back to me. I did some research and found some articles which resolved it by resetting permissions on the MachineKeys folder. https://www.reddit.com/r/sysadmin/comments/339ogk/this_certificate_issue_invalid_provider_type_has/
Barry
So that was the issue?
Yes, that was it. After resetting the permissions the IDServer signing certificate worked.
Ok, thanks for the update. Glad it's working now.
Hi All,
I am implementing Identity Server 3 on a Web Farm and am running into a problem with one node whereby the error below is thrown linked to signing the access token. The same configuration steps have been completed on both nodes,
The Servers are both Windows 2012 R2.
The certificate was generated using the following command I found here (https://brockallen.com/2015/06/01/makecert-and-creating-ssl-or-signing-certificates/) makecert -r -pe -n "CN=%1" -b 01/01/2015 -e 01/01/2020 -eku 1.3.6.1.5.5.7.3.3 -sky signature -a sha256 -len 2048 -ss my -sr LocalMachine
To register the certificate I followed the following steps: Open mmc.exe and add the certificates snap-in. Use the local computer store.
Grant Access to the imported certificate
So far I have checked (and rechecked several times :)) the following between the 2 servers to try and isolate the problem but the settings on the servers are consistent:
From the error it appears that the ID Server is finding the Certificate but is not able to use it correctly. I am hoping for suggestions a way to resolve this or to troubleshoot it further?
Thanks, Barry
Relevant parts of the log file