You cannot send or receive encrypted Message Queuing messages after you upgrade a computer from Windows XP to Windows Vista

Article translations Article translations
Article ID: 952569 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

After you upgrade a computer from Windows XP to Windows Vista, you cannot send or receive encrypted Microsoft Message Queuing, also known as MSMQ, 4.0 messages. The attempts to send or to receive encrypted Message Queuing messages fail. Additionally, you receive the following error message:
0x80090016 "The key container could not be opened".

CAUSE

This problem occurs because the Message Queuing service is unable to access the machine key files that are required by the CryptAcquireContext function. The Message Queuing service in Windows XP runs under the context of the Local System account. The Message Queuing service in Windows Vista runs under the context of the Network Service account. However, the Network Service account does not have the necessary rights to access the machine key files that are required by the CryptAcquireContext function.

RESOLUTION

To resolve this problem, follow these steps:
  1. Grant the Network Service account the Full Control permission to the required machine key files. To do this, follow these steps:
    1. Log on to the computer that is running Windows Vista by using an account that is a member of the local Administrators group.
    2. In Windows Explorer, click Folder and Search Options on the Organize menu.
    3. In Folder Options, click the View tab, click the Show hidden files and folders option, and then click OK.
    4. Locate the drive:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder.
    5. Locate the files that begin with the following:
      • 229560ff226d803edae6709d990da074
      • db31d639599ec9ead75c903166331b31
    6. Grant the Network Service account the Full Control permissions to these files. To do this, follow these steps:
      1. Right-click the file, and then click Properties.
      2. Click the Security tab.
        Collapse this imageExpand this image
        User Account Control permission
        If you are prompted for an administrator password or for a confirmation, type the password or click Continue.
      3. Click Edit, click Add, type Network Service, click Check Names, and then click OK.
      4. In the Group or user names list, click Network Service.
      5. Click to select the Allow check box that is next to the Full Control permission, and then click OK.
      6. Click OK.
  2. Renew cryptographic keys for Message Queuing. To do this, follow these steps:
    1. Click Start, click Run, type compmgmt.msc in the Open box, and then click OK.
      Collapse this imageExpand this image
      User Account Control permission
      If you are prompted for an administrator password or for a confirmation, type the password or click Continue.
    2. In the Computer Management console, expand Services and Applications, right-click Message Queuing, and then click Properties.
    3. In the Message Queuing Properties dialog box, click the Service Security tab, and then under Cryptographic keys, click Renew.
    4. A warning message will be displayed to indicate that received messages may be encrypted by using a cryptographic key that differs from the one that is used on the computer. You will be unable to read this kind of message. You will be asked whether you want to continue. If it is acceptable, click Yes. If it is unacceptable, click No, and then renew the cryptographic key at some other time.

Properties

Article ID: 952569 - Last Review: May 22, 2008 - Revision: 1.0
APPLIES TO
  • Microsoft Message Queuing 4.0
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Basic
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate
  • Windows Vista Ultimate 64-bit Edition
Keywords: 
kbexpertiseadvanced kbtshoot kbprb KB952569

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com