System.Security.Cryptography.CryptographicException: An internal error occurred.

Chris Inman's Avatar

Chris Inman

17 Jul, 2012 04:03 PM

I am receiving this error when clicking on the Environments link from the Octopus Deploy web interface. It worked fine yesterday, I was getting ready to update to Octopus.1.0.18.1294 when I noticed the issue, I updated to Octopus.1.0.18.1294 and the issue still exists. I have ResetIIS on the Octopus Web Server.

An internal error occurred.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Cryptography.CryptographicException: An internal error occurred.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[CryptographicException: An internal error occurred. ] System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +41 System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0 System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +372 Octopus.Core.Model.Security.Certificate.Decode(String base64Encoded) in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Core\Model\Security\Certificate.cs:44 Octopus.Core.Model.Security.Certificate.CreateX509Certificate() in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Core\Model\Security\Certificate.cs:32 Octopus.Portal.Models.Environments.EnvironmentListModelBuilder.CreateFrom(IList1 environments, Certificate certificate) in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Portal\Models\Environments\EnvironmentListModelBuilder.cs:14 Octopus.Portal.Controllers.EnvironmentsController.Index() in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Portal\Controllers\EnvironmentsController.cs:28 lambda_method(Closure , ControllerBase , Object[] ) +79 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary2 parameters) +248 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary2 parameters) +39 System.Web.Mvc.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() +125 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +312 System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +691 System.Web.Mvc.Controller.ExecuteCore() +162 System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +305 System.Web.Mvc.<>cDisplayClassb.b5() +62 System.Web.Mvc.Async.<>cDisplayClass1.b0() +20 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +469 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +375

  1. Support Staff 1 Posted by Paul Stovell on 17 Jul, 2012 04:09 PM

    Paul Stovell's Avatar

    Hi Chris,

    What user account is the Octopus Portal application pool running as under IIS? Does changing it to Local Service work? It sounds like the account may be missing some permissions.

    Paul

  2. 2 Posted by Chris Inman on 17 Jul, 2012 05:25 PM

    Chris Inman's Avatar

    I did change the user account that the site was running as to a domain account (that is also a local admin on the Octopus web server) so that we could read the NuGet feed on a file share on a different server. I did change the credentials back to LocalService and the "Environments" and "Certificates" links are now working, but my Nuget Feed location is not.

    Specifying the security credentials did not seem to work for the NuGet feed.

    After changing the AppPool credential to the domain user I started to see my NuGet packages on the remote server. But can no longer access those two directories.

  3. Support Staff 3 Posted by Paul Stovell on 17 Jul, 2012 06:11 PM

    Paul Stovell's Avatar

    Hi Chris,

    Awesome, that narrows it down. Can you try changing back to the domain user, and also making the domain user a local administrator on the machine? That should allow it to read private keys from the cert store.

    Paul

    Sent from my Windows Phone
    ________________________________
    From: Chris Inman
    Sent: 17/07/2012 18:25
    To: Paul Stovell
    Subject: Re: System.Security.Cryptography.CryptographicException: An internal error occurred. [Problems]

  4. Support Staff 4 Posted by Paul Stovell on 17 Jul, 2012 06:17 PM

    Paul Stovell's Avatar

    Sorry Chris, I just saw that you already said the user is a local admin. I'll get back to you

    Paul

  5. Support Staff 5 Posted by Paul Stovell on 17 Jul, 2012 06:22 PM

    Paul Stovell's Avatar

    Hi Chris,

    In your App Pool settings, after changing the user identity to your custom domain user/local admin, is "Load User Profile" set to true?

    Paul

  6. 6 Posted by Chris Inman on 17 Jul, 2012 06:25 PM

    Chris Inman's Avatar

    Changing back to the domain user with the Admin rights on the Octopus Web server and restarting IIS fixed the NuGet feeds but once again broke "Environments" and "Certificates".

    Let me know, thanks
    Chris

  7. 7 Posted by Chris Inman on 17 Jul, 2012 06:29 PM

    Chris Inman's Avatar

    It is set to false, see screen shot below:

    Chris

  8. Support Staff 8 Posted by Paul Stovell on 17 Jul, 2012 06:31 PM

    Paul Stovell's Avatar

    Thanks Chris,

    Does changing it to 'true' and performing an IISReset fix the issue?

    I suspect the user profile needs to be loaded so that the account can access its certificate key store.

    Paul

  9. 9 Posted by Chris Inman on 17 Jul, 2012 06:41 PM

    Chris Inman's Avatar

    I set the value to 'true' and IISReset , still no luck.

    The profile for the user is a temporary profile.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Security.Cryptography.CryptographicException: The profile for the user is a temporary profile.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [CryptographicException: The profile for the user is a temporary profile. ] System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +41 System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0 System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +372 Octopus.Core.Model.Security.Certificate.Decode(String base64Encoded) in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Core\Model\Security\Certificate.cs:44 Octopus.Core.Model.Security.Certificate.CreateX509Certificate() in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Core\Model\Security\Certificate.cs:32 Octopus.Portal.Models.Environments.EnvironmentListModelBuilder.CreateFrom(IList1 environments, Certificate certificate) in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Portal\Models\Environments\EnvironmentListModelBuilder.cs:14 Octopus.Portal.Controllers.EnvironmentsController.Index() in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Portal\Controllers\EnvironmentsController.cs:28 lambda_method(Closure , ControllerBase , Object[] ) +79 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary2 parameters) +248 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary2 parameters) +39 System.Web.Mvc.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() +125 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +312 System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +691 System.Web.Mvc.Controller.ExecuteCore() +162 System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +305 System.Web.Mvc.<>cDisplayClassb.b5() +62 System.Web.Mvc.Async.<>cDisplayClass1.b0() +20 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +469 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +375

  10. Support Staff 10 Posted by Paul Stovell on 17 Jul, 2012 07:05 PM

    Paul Stovell's Avatar

    Hi Chris,

    Thanks for the update, I'll do a release in about an hour that should hopefully fix this issue.

    Paul
    ________________________________
    From: Chris Inman
    Sent: 17/07/2012 19:41
    To: Paul Stovell
    Subject: Re: System.Security.Cryptography.CryptographicException: An internal error occurred. [Problems]

  11. 11 Posted by Chris Inman on 17 Jul, 2012 07:10 PM

    Chris Inman's Avatar

    Sounds good, thanks Paul.

  12. Support Staff 12 Posted by Paul Stovell on 17 Jul, 2012 09:02 PM

    Paul Stovell's Avatar

    Hi Chris,

    Can you try installing this version of Octopus, to see if the issue is fixed?

    http://octopusdeploy.com/downloads?version=1.0.19.1297

    Paul

  13. 13 Posted by Chris Inman on 17 Jul, 2012 11:30 PM

    Chris Inman's Avatar

    I'll give it a shot when I get to the office in the morning. I had problems when pointing to the releases on the file share during a test deployment with 6 packages, 3 releases failed in a row because the packages couldn't be found during the download phase but showed up in the UI, once I manually copied the files locally to the Octopus web server and changed the feed, the 6 packages deployed successfully. The AppPool is running as the domain user with full rights to the remote share and the Octopus server.

    Chris

  14. 14 Posted by Chris Inman on 18 Jul, 2012 01:04 PM

    Chris Inman's Avatar

    No Joy on accessing "Environments" or "Certificates" after the update to 1.019.1297. Package pull from the remote server is also still throwing errors, when I copy the packages local to the web server they work fine.

    Pulling packages local to the web server-GOOD

    Download package WebAdmin.Web 3.3.2.13359 from NuGet feed: LocalFeed Prototype
    2012-07-18 12:29:19 INFO Downloading NuGet package WebAdmin.Web 3.3.2.13359 from feed: 'C:\Octopus\Builds\USAJ-Prototype\'
    2012-07-18 12:29:19 DEBUG Downloaded packages will be stored in: C:\Octopus\Data\PackageCache
    2012-07-18 12:29:19 DEBUG Finding package (attempt 1 of 5)
    2012-07-18 12:29:20 DEBUG Found package WebAdmin.Web version 3.3.2.13359
    2012-07-18 12:29:20 DEBUG Downloading to: C:\Octopus\Data\PackageCache\WebAdmin.Web.3.3.2.13359_592A07151B6AF74186225E6EFB492023.nupkg
    2012-07-18 12:29:20 DEBUG SHA1 hash is: 7d3fb5cceeb418e2f7d53d8fd99bcb42d81f84d6
    2012-07-18 12:29:20 INFO Download complete.

    Pulling packages from remote share-BAD

    2012-07-18 12:53:16 ERROR Unable to download package: Could not find package WebAdmin.Web 3.3.2.13359 in feed: '\remoteServer\Builds\USAJ-Prototype\' System.Exception: Could not find package WebAdmin.Web 3.3.2.13359 in feed: '\remoteServer\Builds\USAJ-Prototype\'
    at Octopus.Server.Tasks.Deploy.DownloadPackageActivity.FindPackage(Int32 attempt) in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Server\Tasks\Deploy\DownloadPackageActivity.cs:line 118 at Octopus.Server.Tasks.Deploy.DownloadPackageActivity.AttemptToFindAndDownloadPackage(Int32 attempt, String cacheDirectory, IPackage& downloadedPackage, String& path) in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Server\Tasks\Deploy\DownloadPackageActivity.cs:line 98 at Octopus.Server.Tasks.Deploy.DownloadPackageActivity.AttemptToDownload() in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Server\Tasks\Deploy\DownloadPackageActivity.cs:line 62 2012-07-18 12:53:17 DEBUG Finding package (attempt 2 of 5)

    Accessing "Environments" or "Certificates"

    Server Error in '/' Application.

    The profile for the user is a temporary profile.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Security.Cryptography.CryptographicException: The profile for the user is a temporary profile.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [CryptographicException: The profile for the user is a temporary profile. ] System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +41 System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0 System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +372 Octopus.Core.Model.Security.Certificate.Decode(String base64Encoded) in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Core\Model\Security\Certificate.cs:44 Octopus.Core.Model.Security.Certificate.CreateX509Certificate() in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Core\Model\Security\Certificate.cs:32 Octopus.Portal.Models.Environments.EnvironmentListModelBuilder.CreateFrom(IList1 environments, Certificate certificate) in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Portal\Models\Environments\EnvironmentListModelBuilder.cs:14 Octopus.Portal.Controllers.EnvironmentsController.Index() in c:\BuildAgent\work\7bf5272a44079f5\source\Octopus.Portal\Controllers\EnvironmentsController.cs:28 lambda_method(Closure , ControllerBase , Object[] ) +79 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary2 parameters) +248 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary2 parameters) +39 System.Web.Mvc.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() +125 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +640 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +312 System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +691 System.Web.Mvc.Controller.ExecuteCore() +162 System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +305 System.Web.Mvc.<>cDisplayClassb.b5() +62 System.Web.Mvc.Async.<>cDisplayClass1.b0() +20 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +469 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +375

  15. Support Staff 15 Posted by Paul Stovell on 18 Jul, 2012 03:33 PM

    Paul Stovell's Avatar

    Hi Chris,

    Thanks for doing the shared screen session with me today, I believe this is resolved.

    For anyone else who comes across this issue, the problem seemed to be that the domain user was being assigned a profile path of C:\Users\Temp instead of C:\Users\<username>.

    To resolve it, we:

    1) Stopped all services that were using the account, so that it was not logged in anymore
    2) Logged in to the machine interactively as that account
    3) Checked that the path was no longer C:\Users\Temp
    4) Switched the services to use the domain user again, and started them

    As to why the user was given a temporary profile in the first place, I'm not sure, but once we were able to log on interactively it seemed to go away.

    The profile is needed because private keys are temporarily loaded into the user's profile when the application is running, which is not supported when the user is running under a temporary profile.

    Paul

  16. 16 Posted by Francisco on 19 Dec, 2012 08:37 PM

    Francisco's Avatar

    Use this code

    certificate = new X509Certificate2(System.IO.File.ReadAllBytes(p12File),
    p12FilePassword

                    , X509KeyStorageFlags.MachineKeySet |
    

    X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

  17. 17 Posted by Orn on 21 Dec, 2012 09:45 PM

    Orn's Avatar

    I got the same error after installing the latest, how do you verify #3 ?

    3) Checked that the path was no longer C:\Users\Temp

  18. 18 Posted by Jon Canning on 07 Jan, 2013 05:10 PM

    Jon Canning's Avatar

    Just received this error on new install. Changing Octopus Portal Application Pool identity to LocalService solved it

  19. Support Staff 19 Posted by Paul Stovell on 22 Feb, 2013 08:14 AM

    Paul Stovell's Avatar

    Thanks all, we should have this finally fixed in our next release.

    Paul

  20. Chris Inman closed this discussion on 30 May, 2014 07:47 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac