SharePoint 2010: System.Security.Cryptography.CryptographicException – ERROR


SharePoint 2010 has a new feature which recycles the OWSTIMER.EXE process every night – similar to the application pool functionality in IIS – to avoid memory problems inside the timer service.

The recycling is controlled by a new timer job which has been added in SharePoint 2010: the “Timer Service Recycle” job which per default runs once a day at 6 AM.

While performing the recycling and shutting down the timer service the timer service runs into a problem in .NET which Tess Ferrandez has explained here.

The problem here is that the encryption key was created on a specific thread which was impersonated under a specific users account. When the .NET Finalizer processes the encryption key while the timer service shuts down it executed on a different thread which is not impersonated – so the key does not exist and you get an exception like “keyset does not exist”.

As this exception occurs in the final stages of the shutdown of the process it does not cause any harm – beside adding an event to the event log when it happens:

 

Eventlog Error

An unhandled exception occurred and the process was terminated.
Application ID: DefaultDomain
Process ID: 4213
Exception: System.Security.Cryptography.CryptographicException

Message: Keyset does not exist

StackTrace:    at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.SafeProvHandle._FreeCSP(IntPtr pProvCtx)
at System.Security.Cryptography.SafeProvHandle.ReleaseHandle()
at System.Runtime.InteropServices.SafeHandle.InternalFinalize()
at System.Runtime.InteropServices.SafeHandle.Dispose(Boolean disposing)
at System.Runtime.InteropServices.SafeHandle.Finalize()

A more visible problem for a customer will occur when Visual Studio or a another JIT Debugger is installed on the affected box. In this case the following dialog will show up on the Console when the problem occurs:

Uninstalling Visual Studio will not resolve this issue as the registry settings which present this dialog are still active.

To configure the server to no longer show a dialog when an unhandled exception occurs, use the registry editor to delete the following registry keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger

On a 64-bit operating system also delete the following registry keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger

More details are at:
http://msdn.microsoft.com/en-us/library/5hs4b7a6(VS.80).aspx

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: