Issues with the TridionRsaContainer registration!

Scenario

We’d copied a CM instance (VirtualMachine) from the PRD environment and placed this into the UAT environment, all configurations done as we’d tested and expected.

To avoid the error stating that [clientUATdomain]\MTSUser does not have access to the tridion.security configuration setting, we executed the TridionRsaContainer command:

aspnet_regiis -pa "TridionRsaKeyContainer" "[clientUATdomain]\MTSUser"

This failed for the MTSUser. After confirming we had the correct [domain]/username/password and investigating further, we found that no-one knew which account had actually been used to install SDL Tridion 2011 CM. We needed this account so we could log into the UAT CM machine and give the MTSUser access to the tridion.security configuration setting, because that setting is protected using the ASP.NET protected configuration (RSA) functionality described here: http://msdn.microsoft.com/en-us/library/yxw286t2(v=vs.100).aspx

Solution

We could see that the key container in question is actually a file under c:\programdata\microsoft\crypto\rsa

This file is accessible only to a small number of users (the production domain mtsuser had access to it). So we tried this:

  • log in on the PRD machine as the production domain mtsuser
  • export the RSA key container (including its private key) via this command:

aspnet_regiis -px "TridionRsaKeyContainer" keys.xml -pri

We then copied this keys.xml file onto the UAT CM box and executed the import command:

aspnet_regiis -pi "TridionRsaKeyContainer" c:\temp\keys.xml

and finally the command granting the MTSUser access to the container:

aspnet_regiis -pa "TridionRsaKeyContainer" "[clientUATdomain]\MTSUser"

So, on booting up the CM browser… boom… we got an error in the GUI. After a quick dig into the corresponding ‘Tridion Configuration’ error in the event log, we then executed:

aspnet_regiis -pa "TridionRsaKeyContainer" "nt authority\network service"

Quick restart of the services and all is well again.
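The export, import and grant steps above, wrapped in a PowerShell script as an added example (this is not code from the original post or from SDL). It checks the exit code of each aspnet_regiis call, grants access to both identities the post ended up needing, and removes the exported key file once imported, because with -pri that file holds the private key in the clear. The aspnet_regiis path, C:\temp\keys.xml and the [clientUATdomain] placeholder are assumptions.

```powershell
# Added example, not from the original post. Assumes the 64-bit .NET 4
# aspnet_regiis; adjust the path to match the framework the CM site runs on.
$Container = "TridionRsaKeyContainer"
$KeyFile   = "C:\temp\keys.xml"
$RegIis    = Join-Path $env:windir "Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"

# Run aspnet_regiis and stop on any non-zero exit code instead of silently
# carrying on to the next step with a half-done container.
function Invoke-RegIis {
    param([string[]]$Arguments)
    & $RegIis @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "aspnet_regiis $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Step 1: run on the PRD box as the account that installed the CM.
# -pri includes the private key, so keys.xml must be copied over a trusted
# channel and never left on a shared location.
function Export-TridionKeyContainer {
    Invoke-RegIis @("-px", $Container, $KeyFile, "-pri")
}

# Step 2: run elevated on the UAT box. Import the container, grant every
# identity that has to decrypt tridion.security access to it, then delete
# the key file so the private key does not linger on disk.
function Import-TridionKeyContainer {
    param([string[]]$Accounts)
    Invoke-RegIis @("-pi", $Container, $KeyFile)
    foreach ($acct in $Accounts) {
        Invoke-RegIis @("-pa", $Container, $acct)
    }
    Remove-Item $KeyFile -Force
}

# Usage on UAT with the two identities from the post ([clientUATdomain] is
# the post's placeholder for the real UAT domain).
Import-TridionKeyContainer -Accounts @(
    "[clientUATdomain]\MTSUser",
    "NT AUTHORITY\NETWORK SERVICE"
)
```

Export-TridionKeyContainer is called on the PRD machine first; only Import-TridionKeyContainer runs on UAT.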

The moral of the story – DO NOT ‘LET SLIP‘ WHICH USER INSTALLED THE CM – especially if you want to clone the machine during a setup!

If you’ve had a similar experience we’d be very interested to hear if there are other ways around this – other than simply re-installing the CM with a noted user :)

Special thanks to Harald Hoffelinck on this solution!