Monday, December 31, 2012

Handle is Invalid

A co-worker was once trying to update some certificates on one of his Windows 2003 servers.  Every time he tried to access the certificates stores via MMC, he would receive an error similar to:

Handle is Invalid

It turns out that he somehow reset the security on the certificates.  The following steps fixed the issue:

  1. Navigate to: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA
  2. Permissions should be set to the following for the "MachineKeys" folder:

    3. Administrator (Full Control) This folder only
    Everyone (Special) This folder, subfolders, and files
    SYSTEM (Full Control) This folder, subfolders, and files

  3. To set the Special permissions for the Everyone group:
    • RIGHT click the MachineKeys folder
    • Select PROPERTIES
    • Click on the SECURITY tab
    • Click on the ADVANCED button
    • Highlight the EVERYONE entry
    • Click on the EDIT button
    • CHECK the following entries under the ALLOW column:
      • List Folder/Read Data
      • Read Attributes
      • Read Extended Attributes
      • Create Files/Write Data
      • Create Folders/Append Data
      • Write Attributes
      • Write Extended Attributes
      • Read Permissions
    • Click OK
    • Check BOTH "Allow inheritable permissions..." and "Replace permission entries..."
    • Click OK
    • Click OK again
Created:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)