Vault 3.0 : "could not get public key from server"

[TMax]

Hi,
I was using vault 2.06 as a single user (Vault Server is on a Win2003 PC, and I'm using VS.Net with Vault Client on a WinXP PC).

I have upgraded to Vault 3.0 without problem, but when trying to connect to the server using the AdminUI (locally), or using the Vault 3.0 Client (from my XP Station), I have the following error :
"could not get public key from server".

I can use Web Client locally or from the station without problem (with the 'admin' user or with my single account).

I have tried to remove all data from server, to do a fresh 3.0 install => same problem.

I had to fallback to 2.06, so, if anyone has an idea !

Best regards.

Jean-Michel

[mhawley]

Hi,
I have upgraded to Vault 3.0 without problem, but when trying to connect to the server using the AdminUI (locally), or using the Vault 3.0 Client (from my XP Station), I have the following error :
"could not get public key from server".

Did you also upgrade your license number, or where you trying to use your 2.x license number? More info here: http://support.sourcegear.com/viewtopic.php?p=8699

[jeremy_sg]

Does your Vault server log file have any useful information? http://support.sourcegear.com/viewtopic.php?t=1762

[TMax]

Hi again..
Thanks for your replies.

As I said, I'm using Vault as a single-user, without any license number, so it's seems the mandatory license upgrade does not apply in this case.

About the 'debug mode', I would like to enable it, but I can't... as I can't enter the adminUI !!!
And the standard log has no entry about a particular problem when trying to connect with the AdminUI (there's a log entry for each connection using the Web interface).

... Well, I will wait a bit...

Thanks again !

[jeremy_sg]

Email me using the button below this post. I want to figure this out, as I'm sure there will be other people with the same issue.

[Robert]

Hi,

I am having exactly the same problem. I upgraded from 2.0.6 to
3.0.0 without any problems. The server is on a 2003 machine and the
client on XP SP2. I am using vault on a personal basis and never
entered any registration number.

Now I can't login any more neither locally with the Admin Tool nor from
Visual Studio as I always get the error

Could not get public key from server

Do I have to switch back to 2.0.6 ?

Robert

[woodr]

I have just purchased and installed Vault 3.0 on Win2K3. I am getting the same error when I attempt to log in to the administrator using the admin password. Any suggestions? (Should I post this in the Gold Support forum for faster response??)

FYI -- This is a fresh install, not an upgrade.

--Ryan

[jeremy_sg]

Robert and Ryan,

I've gotten an email from both of you, so I will contact each of you offline. There is something going on, and it will be fixed as soon as possible.

[jclausius]

Do you happen to know what account ASP.Net's process is running under? ( By default on IIS 5 this is MACHINE\ASPNET, on IIS6 this is NETWORK SERVICE )?

Also, what do the security rights look like for the following directory %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys?

Finally, what do the security rights look like on the file %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\edb3f753ca89beb7d17f32a80a447d75_*?

[jeremy_sg]

Robert's problem was related to the fact that he was running the French version of Windows 2003. The account used by IIS has a the name "AUTORITE NT\SERVICE RÉSEAU" (as pointed out to us by Arnaud at http://support.sourcegear.com/viewtopic.php?t=2339). That account needed full control of the Machine Keys directory, but the installer didn't give them. The wrong permissions on the Machine Keys directory caused the public key failure that he was seeing. TMax is also from France, so it is probably safe to assume that this was the cause of his problem as well. I haven't yet gotten in contact with Ryan.

[TMax]

Hi !

You we're right, the problem is related to the security of
"C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys"

I've added "Service réseau" with full control to both the folder and the specific entry, and I no more have the error mesage !

The problem was the french version of Win2003...

Thanks for your help and support

Best regards,
JM

[jclausius]

Initial reports was the ASP.Net account would be language independent. This information was incorrect.

We've logged a bug to try to correctly identify the ASP.Net account regardless of OS language.

[woodr]

The work around for Win2K3 (English version) was the same as noted by TMax above.

I had to give full control of "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" to IUSER_[MACHINE NAME]. Apparently the process that is accessing the keys is running under the anonymous IIS user rather than the NETWORK SERVICE user as the installer expected.

--Ryan

[jclausius]

That is strange. The context of the process' user should have changed by then.

Are you running IIS 6? If you look at the application pool for VaultService, what does the Identity say? Also, are you running Vault with identity impersonation?

Finally, do you happen to know what flavor of Windows 2003 you are using? Plain Windows 2003 server? Windows 2003 Small Bus Server? Win 2003 Web Server?

[woodr]

It's amazing what some sleep and a new day will bring. I started digging through the install again trying to find some that would have caused the problem.

I found a web.config file the root of the default site that had impersonation turned on. I removed that (and the recently added IUSER permissions to the MachineKeys dir) and it looks like things are working again. Sorry for the confusion.

--Ryan