Trouble shooting windows certificate problems.

最新推荐文章于 2023-02-23 15:40:12 发布

realduke2000

最新推荐文章于 2023-02-23 15:40:12 发布

阅读量1.9k

点赞数

分类专栏：密码学 .NET 文章标签： windows exchange exception permissions microsoft warnings

本文链接：https://blog.csdn.net/realduke2000/article/details/7886105

版权

.NET 同时被 2 个专栏收录

25 篇文章

订阅专栏

密码学

6 篇文章

订阅专栏

A simple way to to enable CAPI2 LOG at eventvwr -> applications and services log -> microsoft -> windows -> CAPI2 -> operational.

Such like this, I encounter this problem, obviously it's a certificate issue, UnsupportedCryptographicSetException, who TMD knows what you(WIN8) are supporting and what features you have cut.

While I'm boring with this, I found this article and enabled CAPI2 logs, then the original problem was exposed, so I can fix it right now.

Error:

========

Results : Checking Exchange Server ...

- PASS: Exchange Server is running in Enterprise.
Loading IRM configuration ...
- PASS: IRM configuration loaded successfully.
Retrieving RMS Certification Uri ...
- PASS: RMS Certification Uri: https://exhv-1107/_wmcs/certification.
Verifying RMS version for https://exhv-1107/_wmcs/certification ...
- PASS: RMS Version verified successfully.
Retrieving RMS Publishing Uri ...
- PASS: RMS Publishing Uri: https://exhv-1107dom.extest.microsoft.com/_wmcs/licensing.
Acquiring Rights Account Certificate (RAC) and Client Licensor Certificate (CLC) ...
- WARNING: Failed to acquire a Rights Account Certificate (RAC) and/or a Client Licensor Certificate
(CLC). This failure may cause features such as Transport Decryption, Transport Protection Rules, Journal
Report Decryption, IRM in Outlook Web App, IRM in Exchange ActiveSync, and IRM Search to not work. Make sure
that the Exchange Servers Group is granted "Read" and "Read & Execute" rights on the
ServerCertification.asmx and Publish.asmx pipelines on your AD RMS server. For details, see "Set Permissions
on the AD RMS Certification Pipeline" at http://go.microsoft.com/fwlink/?LinkId=186951.
----------------------------------------
Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to acquire server box RAC
from https://exhv-1107/_wmcs/certification/servercertification.asmx. --->
System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Exception of type
'System.Web.Services.Protocols.SoapException' was thrown. --->
Microsoft.DigitalRightsManagement.Cryptography.UnsupportedCryptographicSetException: Exception of type
'Microsoft.DigitalRightsManagement.Cryptography.UnsupportedCryptographicSetException' was thrown.
--- End of inner exception stack trace ---
at Microsoft.DigitalRightsManagement.Certification.BaseCertificationWebService.Certify(CAType caType,
CertifyParams requestParameters)
at Microsoft.DigitalRightsManagement.Certification.ServerCertificationWebService.Certify(CertifyParams
requestParams)
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message,
WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
at Microsoft.Exchange.Net.WsAsyncProxyWrapper.EndInvoke(IAsyncResult result)
at Microsoft.Exchange.Security.RightsManagement.SOAP.ServerCertification.ServerCertificationWS.EndCertify(
IAsyncResult asyncResult)
at Microsoft.Exchange.Security.RightsManagement.ServerCertificationWSManager.EndAcquireRac(IAsyncResult
asyncResult)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.EndAcquireInternalOrganizationRACAndC
LC(IAsyncResult asyncResult) in
\\EXSRC\SOURCES\ALL\14.03.0082.000\sources\dev\data\src\storage\rightsmanagement\RmsClientManager.cs:line
2896
at
Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.EndAcquireTenantLicenses(IAsyncResult
asyncResult) in
\\EXSRC\SOURCES\ALL\14.03.0082.000\sources\dev\data\src\storage\rightsmanagement\RmsClientManager.cs:line
1007
at Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.AcquireTenantLicenses(RmsClientManage
rContext context, Uri licenseUri) in
\\EXSRC\SOURCES\ALL\14.03.0082.000\sources\dev\data\src\storage\rightsmanagement\RmsClientManager.cs:line 964
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc() in \\EXSRC\S
OURCES\ALL\14.03.0082.000\sources\dev\Management\src\Management\rms\IRMConfigurationValidator.cs:line 355
----------------------------------------

OVERALL RESULT: PASS with warnings on disabled features

EventLog:
=============

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000001</Keywords>
<TimeCreated SystemTime="2012-08-20T05:12:59.990288400Z" />
<EventRecordID>441</EventRecordID>
<Correlation />
<Execution ProcessID="7608" ThreadID="2920" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>EXHV-1107.EXHV-1107dom.extest.microsoft.com</Computer>
<Security UserID="S-1-5-18" />
</System>
- <UserData>
- <CertVerifyCertificateChainPolicy>
<Policy type="CERT_CHAIN_POLICY_SSL" constant="4" />
<Certificate fileRef="3131F84A08AE532FCFEFBD897DE256D741A9B4FE.cer" subjectName="EXHV-1107" />
<CertificateChain chainRef="{62CD22FC-52E2-4318-A559-B956636D3922}" />
<Flags value="0" />
- <SSLAdditionalPolicyInfo authType="server" serverName="exhv-1107dom.extest.microsoft.com">
<IgnoreFlags value="0" />
</SSLAdditionalPolicyInfo>
<Status chainIndex="0" elementIndex="0" />
<EventAuxInfo ProcessName="w3wp.exe" />
<CorrelationAuxInfo TaskId="{69EA1F92-583C-4101-8C71-95FD2A22F8BD}" SeqNumber="1" />
<Result value="800B010F">The certificate's CN name does not match the passed value.</Result>
</CertVerifyCertificateChainPolicy>
</UserData>
</Event>