Today I was troubleshooting a problematic remotely managed server that was not reporting into our Operations Center. The OpsMgr Health Service service was running; however, we were not receiving a “heartbeat” from the server. The Operations Manager event log contained error events that indicated a problem involving the certificate private key used to decrypt the package received from our Root Management Server (RMS).
When I accessed the System event log on the server, I also discovered that the following event was being logged several times every hour:
Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36870
Date: 10/28/2008
Time: 9:36:08 AM
User: N/A
Computer: Servername
Description:
A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0xffffffff.
My research indicated that this event is the result of improper NTFS permissions being set on the MachineKeys directory, which is located under the All Users Profile\Application Data\Microsoft\Crypto\RSA directory. This directory is utilized by both Certificate Services and Internet Explorer. The default permissions for the MachineKeys directory are as follows:
Administrator (Full Control) This folder only
Everyone (Special) This folder, subfolders, and files
SYSTEM (Full Control) This folder, subfolders, and files
Although resetting the permissions on the MachineKeys directory did not totally resolve the Operations Manager agent heartbeat problem (I also had to uninstall and reinstall the agent), it did eliminate the Schannel events in the System event log.
Additional information can be found in Microsoft Knowledge Base Article 278381.
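
An added example, not part of the original post: a PowerShell check that compares the Allow entries on the MachineKeys directory with the three default entries listed above and reports anything missing, different, or extra. The default path, the substring matching on English principal names, and the status labels are assumptions of this example.

```powershell
# Added example: compare the MachineKeys ACL with the defaults listed in the post.
param(
    # Assumed default built from the post's wording; newer Windows versions keep the
    # folder under %ProgramData%\Microsoft\Crypto\RSA\MachineKeys, so pass -Path there.
    [string]$Path = (Join-Path $env:ALLUSERSPROFILE 'Application Data\Microsoft\Crypto\RSA\MachineKeys')
)

$full     = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$thisOnly = [System.Security.AccessControl.InheritanceFlags]'None'
$children = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'

# Expected entries, taken from the list in the post. Names are matched as
# substrings so "BUILTIN\Administrators" and "NT AUTHORITY\SYSTEM" also match
# (assumes English principal names).
$expected = @(
    @{ Name = 'Administrator'; FullControl = $true;  Scope = $thisOnly },
    @{ Name = 'Everyone';      FullControl = $false; Scope = $children },
    @{ Name = 'SYSTEM';        FullControl = $true;  Scope = $children }
)

$allow = @((Get-Acl -Path $Path).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' })

foreach ($e in $expected) {
    # All Allow entries for this principal, then those that match the expectation.
    $mine = @($allow | Where-Object { $_.IdentityReference.Value -like "*$($e.Name)*" })
    $good = @($mine | Where-Object {
        $isFull = (([int]$_.FileSystemRights) -band $full) -eq $full
        ($isFull -eq $e.FullControl) -and ($_.InheritanceFlags -eq $e.Scope)
    })
    $status = 'OK'
    if ($mine.Count -eq 0) { $status = 'MISSING' } elseif ($good.Count -eq 0) { $status = 'DIFFERS' }
    [pscustomobject]@{
        Expected = $e.Name
        Status   = $status
        Found    = ($mine | ForEach-Object {
            "$($_.IdentityReference): $($_.FileSystemRights) [$($_.InheritanceFlags)]" }) -join '; '
    }
}

# Allow entries for any other principal are listed for manual review.
$allow | Where-Object { $_.IdentityReference.Value -notmatch 'Administrator|Everyone|SYSTEM' } |
    ForEach-Object { [pscustomobject]@{
        Expected = '(not in default list)'; Status = 'EXTRA'
        Found    = "$($_.IdentityReference): $($_.FileSystemRights) [$($_.InheritanceFlags)]" } }
```

The script only reads the ACL; it changes nothing, so it can be run before and after resetting permissions to confirm the result.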
