Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

(841798) - Describes an issue that may occur when you try to install a machine certificate on a Windows XP-based computer where Windows was installed by using an unattended installation.

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 841798 - Last Review: May 28, 2004 - Revision: 1.1

"Machine Certificate cannot be installed" error message in Windows XP

View products that this article applies to.
System TipThis article applies to a different version of Windows than the one you are using. Content in this article may not be relevant to you. Visit the Windows Vista Solution Center

SYMPTOMS

When you try to install a machine certificate on a Microsoft Windows XP-based computer, you may receive the following error message:
Machine Certificate cannot be installed, Error 0x80090016 NTE_BADKEYSET
Back to the top

CAUSE

This issue may occur if you perform an unattended installation of Windows XP, and you configure the installation to host the user profiles on a drive or drive partition other than the startup drive partition. In this situation, the permissions inheritance from the MachineKeys folder may not work correctly. After the Setup program requests a certificate, the private key file is created in the MachineKeys folder. This file does not inherit full control permissions from the MachineKeys folder.
Back to the top

WORKAROUND

To work around this issue, follow these steps:
  1. Create a batch file named SetMachineACLs.bat with the following commands: 
    convert d: /FS:NTFS
	rmdir "D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" 
	regsvr32 rsaenh.dll
	rmdir "D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys"
	regsvr32 dssenh.dll
  2. Save SetMachineACLs.bat file in the c:\scripts folder.
  3. Edit the Unattend.bat file to add the following switches to the winnt32 command line:
    /copydir:i386\scripts
/cmd:c:\scripts\SetMachineACLs.bat
Back to the top
APPLIES TO
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
Back to the top
Keywords: 
kbprb KB841798
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting