Re: WSUS: The encryption key cannot be retrieved

Tech-Archive recommends: Fix windows errors by optimizing your registry

Thanks for your help. I am not using R2. It is a SBS 2003 Premium box with SP1 and WSUS 2.0. I followed the directions in step 1, but it did not resolve the issue. Since I don't have SBS 2003 R2, I did not follow step two. Would upgrading to WSUS 3.0 potentiall solve the problem? or do you have steps to try for the non embedded version of WSUS 2.0?

THank you for you help,
Attila


"Manfred Zhuang [MSFT]" <v-mzhuan@xxxxxxxxxxxxxxxxxxxx> wrote in message news:CKK0mH9DIHA.5256@xxxxxxxxxxxxxxxxxxxxxxxxx
Hello Attila,

Thank you for posting here.

From your post, my understanding of this issue is: WSUS does not work.
Error message "The encryption key cannot be retrieved" is received.

If this is not correct, please feel free to let me know.

Firstly please let me know the version of WSUS installed on the server. Is
it 2.0 or 3.0? Is it the edition embedded in SBS 2003 R2 or the stand alone
edition?

I would like to confirm that have you changed something before this issue
occurred? Usually, this error indicates you got a cryptographic exception
when you try to change synchronization settings. Since the encryption key
depends on the system directory creation time, if you restore the system
from backup, the issue will occur.

Let's try following steps and check if it helps:

Step 1:
======
1. Open My Computer, right click C drive and click Properties.
2. In Security tab, grant Network Service account Read access.

Step 2:
=====
Gp to the WsusPool properties under Application Pools in IIS Manager, under
the Identity tab, change "Network Service" to "Local System", and then
reboot the server for a test.

If the issue persists, we recommend that you back up the database and the
content directory. Then reinstall WSUS & then restore the database and
content directories.

NOTE: I assume that it is the edition embedded in SBS 2003 R2.

1. Backup existing WSUS DB and content folder: C:\WSUS

2. Download Windows Server Update Services API Samples and Tools from the
following link. Install it on WSUS server.

http://technet.microsoft.com/en-us/wsus/bb466192.aspx

3. Export the WSUS configuration. Under the installation folder, say
C:\Program Files\Update Services API Samples and
Tools\WsusMigrate\WsusMigrationExport, run the following command:

WSUSMigrationExport WSUS-yyyymmdd.xml

4. Open Add/remove programs, remove Windows Small Business Server 2003 R2.

5. Insert SBS 2003 R2 CD 6 to reinstall Windows Small Business Server R2.
Configure the WSUS as the old WSUS.

6. Finish the full synchronization.

7. Copy the file WSUS-yyyymmdd.xml from C:\Program Files\Update Services
API Samples and Tools\WsusMigrate\WsusMigrationExport

to

C:\Program Files\Update Services API Samples and
Tools\WsusMigrate\WsusMigrationImport

7. Navigate to following folder in CMD:

C:\Program Files\Update Services API Samples and
Tools\WsusMigrate\WsusMigrationImport

9. Run the following command to import Target Groups, Configuration,
Approvals and Computers.

WsusMigrationImport.exe WSUS-yyyymmdd.xml TargetGroups None
WsusMigrationImport.exe WSUS-yyyymmdd.xml Configuration None
WsusMigrationImport.exe WSUS-yyyymmdd.xml Approvals None
WsusMigrationImport.exe WSUS-yyyymmdd.xml Computers MoveComputers

I hope the above information is helpful to you. If the problem still
occurs, please help me gather following information:

1. Please help me capture screenshots of the window that the next button is
greyed out and send to v-mzhuan@xxxxxxxxxxxxx

To capture the image, we can perform the steps below:

(a) When the error message appears, press the Print Screen key several
times (this key is located to the right of the F12 key on the keyboard)
(b) Open Paint ['start' => 'All Programs' => 'Accessories' => 'Paint'].
(c) Click Edit (menu) -> Paste or press Ctrl + V.
(d) Click File (menu) -> Save. Save it as a .jpg or .gif file and send it
to me as an attachment.

2. Please download the MPS Report tool from the following link and run it
on the SBS server, then send the generated CAB file to my mailbox
v-mzhuan@xxxxxxxxxxxxx for further investigation so that we can find what
the root cause is:

http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_SUS.EXE

For your information:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-
88B7-F9C79B7306C0&displaylang=en

Please try the above steps at your earliest convenience. If you have any
concern, please feel free to let me know.

Best regards,

Manfred Zhuang(MSFT)
Microsoft Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "AC" <gcsokai@xxxxxxxxx>
| Subject: WSUS: The encryption key cannot be retrieved
| Date: Sun, 14 Oct 2007 22:09:38 -0400
| Lines: 23
| Message-ID: <8AD682DC-0879-4A77-B3E3-83868C687CFA@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| format=flowed;
| charset="iso-8859-1";
| reply-type=original
| Content-Transfer-Encoding: 7bit
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Windows Mail 6.0.6000.16480
| X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16480
| X-MS-CommunityGroup-PostID: {8AD682DC-0879-4A77-B3E3-83868C687CFA}
| X-MS-CommunityGroup-MessageCategory:
{E4FCE0A9-75B4-4168-BFF9-16C22D8747EC}
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:69222
| NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| WSUS is no longer working. I re-entered the username/password, researched
on
| the web, etc.
| Anyone else seen this problem and successfully fixed it?
|
| Thanks,
| Attila
|
| Since the last round of updates, something happened and WSUS no longer
| works.
|
| Window Server Update Services encountered an error. The encryption key
| cannot be retrieved
|
| System.Security.Cryptography.CryptographicException: The encryption key
| cannot be retrieved. --->
| System.Security.Cryptography.CryptographicException: An error occurred in
| the DPAPI. HRESULT: 0x8007000D
| at Microsoft.UpdateServices.Internal.DataProtectionApi.Decrypt(Byte[]
| toDecrypt, Byte[] entropy, EncryptionLevel level)
| at
|
Microsoft.UpdateServices.Internal.EncryptionUtilities.GetEncryptionKeyThread
()
| --- End of inner exception stack trace ---
|
|


.

Quantcast