Office Servers and Services

"La connaissance ne vaut que si elle est partagée" / "An effective Knowledge is a shared one"

Skype 2015: may not have a private key that is capable of key exchange or the process may not have access rights for the private key [Solved]

Posted by Teruin laurent sur novembre 18, 2019


Version Skype 2015 Server version 6.0.9319.562 (CU10) / Windows Server 2012 Standard Edition

Today when I try to renew a Skype certificate on the PTchat server I’ve got this error message.

Skype for Business Server 2015, Persistent Chat could not start due to the following exception:

at System.ArgumentException: It is likely that certificate ‘CN=EUPGDSGCP021.xxx, O=xxx, L=xxx, S=xx, C=xx’ may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail. —> System.Security.Cryptography.CryptographicException: Invalid provider type specified.

 

After checking the right on the certificate all looks fine



 


I try to assign the Certificat with deploy program I ve got a warning that indicate the presence of more than one certificate for this computer. So I decided to remove the old one and reassign the certificate. Thus no warning error message.


When I try to start the service I ve got this error message.


And the Event viewer


So, I decided to restart the computer and check if I can start the service. Same issue

The weird thing is that all the Certificate issue operation and the assignment looks okay.

 

Check Root and Intermediates containers

Because Skype for Server has been written by fundamentalists of certificate management, I decided to check in the certificate container if Root certificates are only in the Trusted Root certification Authorities container and same for the Intermediate Certification Authorities. Perfect ! . To determine root and not root certificate you only have to check if the issue by and issue to has the same value. If yes, it is a root certificate.

 

So I ve cleaned this mess and try to restart my server…and… same issue


 

I ve checked again the Root certificate and the intermediate certificate containers in the server and I discover that some Root certificate authority are duplicated. I have remove them and check again if only the roots certificate are only int the roots containers and same for intermediate. . I have restarted the server again.

Same Issue. The service Persistent Chat could not start

 

I try to regenerate the Request



 


Sumitted the request with certreq generate the certificate and assign with deploy skype server . Rebbotting the server . Same Result

 

Certificate request from Windows 2008 R2

After searching on the Web I found this

https://blogs.perficient.com/2013/12/09/lync-support-for-cryptoaping-certificates/

This article talk about Lync… but maybe ….

So I tried to make a certificate request from a Windows 2008 R2 and export the certificate to my Ptchat server . Importation , assignment to skype server and reboot

Same issue .

 

Certificate with server and Client Authentication function

I will try to generate the certificate for Server and client authentication following this article

https://social.msdn.microsoft.com/Forums/en-US/7b7bd2a8-b2dc-4700-a657-826754217068/cryptographicexception-invalid-provider-type-specified?forum=wcf

I regenerate a certificate on the Ptchat server and assign the right to read the private key to the Network service. Reboot the server

Same Issue.

Setting everyone access to the Private key

and restart

Same issue


 

 

Trying to use deploy to generate the request

Another attempt is to use the deploy skype executable to create the request


Certifcate has been assigned . reboot . and Solved !!!!!!

 

 

 

 

 

 

 

 

 

 


 

Répondre

Choisissez une méthode de connexion pour poster votre commentaire:

Logo WordPress.com

Vous commentez à l'aide de votre compte WordPress.com. Déconnexion /  Changer )

Photo Google

Vous commentez à l'aide de votre compte Google. Déconnexion /  Changer )

Image Twitter

Vous commentez à l'aide de votre compte Twitter. Déconnexion /  Changer )

Photo Facebook

Vous commentez à l'aide de votre compte Facebook. Déconnexion /  Changer )

Connexion à %s

 
%d blogueurs aiment cette page :