Attempting to encrypt credentials to use when running PowerShell scripts, you receive an error similar to the following:
New-Object : Exception calling ".ctor" with "2" argument(s): "Object already exists. " At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\vcommander\Security.psm1:65 char:12 + $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -Arg ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand The property 'PersistKeyInCsp' cannot be found on this object. Verify that the property exists and can be set. At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\vcommander\Security.psm1:66 char:2 + $rsa.PersistKeyInCsp = $true + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) , RuntimeException + FullyQualifiedErrorId : PropertyNotFound You cannot call a method on a null-valued expression. At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\vcommander\Security.psm1:67 char:2 + $encrypted = $rsa.Encrypt($bytes,$true) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) , RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull
When you attempt to generate the encrypt credential file, the Security module makes use of a machine key. In attempting to access this key, the module encountered permission issue on the machine key store file. This file is created with permissions for the user account that created that file and the system account only. We suspect the context account that is trying to use this key store file does not have permissions. To correct:
- On the vCommander® application server, locate the folder with the RSA machines kes. The directory is dependent on the OS version, but is likely one of these:
- \Users\All Users\Microsoft\Crypto\RSA\MachineKeys
- Using a text editor, open each file in that directory and look for the string “SuperSecretProcessOnMachine”. We recommend using Notepad++ to open and search all files for the string.
- Note the filename where the string was located. It is displayed as the title of the tab for the file where it was located.
- Right click this file and choose Properties. Switch to the Security tab.
- The account you are using to issue the command requires READ, WRITE, and EXECUTE. Update the security and save your settings.