Encryption certificate was not found in the MY store of the Clm Agent user
Environment Information:
OS: Windows Server 2008 x64 bit (Virtual Instance)
CLM: x64bit
Database: SQL 2008 x64bit (Local)
Configure CA with CSP (Local)
Certificate templates: CLM Enrollment Agent, CLM Key Recovery Agent, CLM User with CSP
CLM users: clmAgent, clmAuthAgent, clmCAMngr, clmEnrollAgent, clmKRAgent and clmWebPool created manually
Added appropriate HASH values in web.config

Problem description
Requesting certificate from the CLM gives the following error...

Please note the following information and contact your system administrator:
Encryption certificate was not found in the MY store of the Clm Agent user.
Technical Details
Type: Microsoft.Clm.Shared.ClmInvalidDataException
Source: Microsoft.Clm.BusinessLayer
Stack Trace:
   at Microsoft.Clm.BusinessLayer.DataEncryption.getEncryptionCertificateForRSA(Byte[] certHash)
To continue press the browser's BACK button. If this error persists, please contact your system administrator.

Event Log:
Message:Exception of type 'System.Web.HttpUnhandledException' was thrown.
Type:System.Web.HttpUnhandledException
Source:System.Web
Stack Trace:
   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.content_sm_requests_subscriberenrollinitiate_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\clm\07c37297\7055ce71\App_Web_bzf-77bb.3.cs:line 0
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception:Message:Unable to access the encryption certificate: System.Byte[].
Type:System.UnauthorizedAccessException
Source:Microsoft.Clm.BusinessLayer
Stack Trace:
   at Microsoft.Clm.BusinessLayer.DataEncryption.getEncryptionCertificateForRSA(Byte[] certHash)
   at Microsoft.Clm.BusinessLayer.DataEncryption.Encrypt(String clearText)
   at Microsoft.Clm.BusinessLayer.DefaultSecretProvider.BuildXml(String[] secrets, DateTime expiration)
   at Microsoft.Clm.BusinessLayer.DefaultSecretProvider.GenerateSecrets(Request request)
   at Microsoft.Clm.BusinessLayer.Create.commonRequestCreate(Guid targetUserUuid, UserProfile profileTemplate, RequestType requestType, RequestFlags requestFlags, TypeSpecificData requestData, String comment, Byte requestPriority)
   at Microsoft.Clm.BusinessLayer.Create.EnrollRequest(Guid profileTemplateUuid, Guid targetUserUuid, RequestFlags requestFlags, String comment, Byte requestPriority)
   at Microsoft.Clm.BusinessLayer.Create.CreateSelfEnrollRequest(Guid profileTemplateUuid, Guid userUuid, String comment)
   at Microsoft.Clm.Web.SubscriberEnrollInitiate.CreateAndTransfer()
   at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e)
   at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Inner Exception:Message:Encryption certificate was not found in the MY store of the Clm Agent user.
Type:Microsoft.Clm.Shared.ClmInvalidDataException
Source:Microsoft.Clm.BusinessLayer
Stack Trace:
   at Microsoft.Clm.BusinessLayer.DataEncryption.getEncryptionCertificateForRSA(Byte[] certHash)

I would really appreciate it if I could get any suggestions / ideas to solve this error.

Thanks,
Partha
July 6th, 2009 12:35pm

Do you have an agent cert on that machine? Is it based on a cert template that supports the required uses? It also must use a CSP that supports AES.

AhmadAW
July 6th, 2009 11:54pm

Dear Ahmad,

Thank you for your reply. Yes, I have an agent certificate on my machine. It is based on a cert template that supports the required uses / users. Also, my CSP supports AES.

Please let me know if you have any questions to narrow down the problem "Encryption certificate was not found in the MY store of the Clm Agent user".

Thanks again,
Regards,
Partha
July 7th, 2009 1:07pm

How did you create the custom certificate? I have seen this error when you have created a custom certificate template that does not allow Key Exchange only with Key Encryption for the Key Usage. Make sure that you duplicated the User certificate template, not a signing-only template (AuthenticatedSession or User Signature Only), when you created the certificate template.

For the user certificate template, I change three things:
1) The CSP to an AES-compatible CSP
2) Remove EFS and S/MIME from Key Usages
3) Remove Email name from the Subject and SAN

Brian
August 4th, 2009 6:06pm
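
A read-only check of the points raised in the replies above (certificate present in the agent account's MY store, private key readable by that account, key usage, CSP and key spec). This is an added example, not part of any post and not CLM's own code; the thumbprint is a placeholder to be copied from web.config, and the function name Test-AgentEncryptionCert is made up for illustration.

```powershell
# Added diagnostic example. Run it in a PowerShell session started as the
# CLM Agent account so that CurrentUser\My is that account's MY store.
param(
    # Placeholder: paste the encryption certificate hash configured in web.config.
    [string]$ConfiguredHash = '<ENCRYPTION-CERT-HASH-FROM-WEB.CONFIG>'
)
function Test-AgentEncryptionCert {
    param([string]$Hash)
    # Reduce the configured value to bare upper-case hex for comparison.
    $thumb = ($Hash -replace '[^0-9A-Fa-f]', '').ToUpper()
    $cert  = Get-ChildItem Cert:\CurrentUser\My |
             Where-Object { $_.Thumbprint -eq $thumb } |
             Select-Object -First 1
    if (-not $cert) {
        return "No certificate with thumbprint '$thumb' in CurrentUser\My of $env:USERNAME"
    }

    # Key Usage extension: the thread points at key exchange / key encryption usage.
    $ku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $encipher = $false
    if ($ku) {
        $flag = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment
        $encipher = ([int]$ku.KeyUsages -band [int]$flag) -ne 0
    }

    # Opening the private key fails if the key is missing or this account
    # cannot read it; CspKeyContainerInfo reports the CSP and the key spec.
    $provider = $null; $keySpec = $null; $keyError = $null
    if ($cert.HasPrivateKey) {
        try {
            $info     = $cert.PrivateKey.CspKeyContainerInfo
            $provider = $info.ProviderName
            $keySpec  = $info.KeyNumber      # Exchange or Signature
        } catch { $keyError = $_.Exception.Message }
    }

    New-Object PSObject -Property @{
        Subject         = $cert.Subject
        NotAfter        = $cert.NotAfter
        HasPrivateKey   = $cert.HasPrivateKey
        KeyEncipherment = $encipher
        Provider        = $provider
        KeySpec         = $keySpec
        PrivateKeyError = $keyError
    }
}
Test-AgentEncryptionCert -Hash $ConfiguredHash
```

A "No certificate" result, HasPrivateKey = False, or a non-empty PrivateKeyError each correspond to one of the two exceptions in the event log; KeySpec = Signature or KeyEncipherment = False points back at the template settings described above.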

Hi, I am also getting this error. I am sure the Wizard installed the correct certs and I duplicated the User Cert and added the requirements above. Here is the error:

Log Name: FIM Certificate Management
Source: System.Web
Date: 12/3/2009 10:32:21 AM
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FIM_Server.fabrikam.com
Description:
Message:Exception of type 'System.Web.HttpUnhandledException' was thrown.
Type:System.Web.HttpUnhandledException
Source:System.Web
Stack Trace:
   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.content_sm_requests_initializexenroll_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\certificatemanagement\a8741d44\95e9fa81\App_Web_4bnfyesh.11.cs:line 0
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception:Message:Error executing child request for ../../sm/requests/SubscriberEnrollExecute.aspx.
Type:System.Web.HttpException
Source:System.Web
Stack Trace:
   at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)
   at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)
   at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm)
   at System.Web.HttpServerUtility.Transfer(String path)
   at Microsoft.Clm.Web.InitializeXEnroll.hidButton_Click(Object sender, EventArgs e)
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="System.Web" />
    <EventID Qualifiers="0">0</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2009-12-03T15:32:21.000Z" />
    <EventRecordID>27</EventRecordID>
    <Channel>FIM Certificate Management</Channel>
    <Computer>FIM_Server.fabrikam.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Message:Exception of type 'System.Web.HttpUnhandledException' was thrown.
Type:System.Web.HttpUnhandledException
Source:System.Web
Stack Trace:
   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.content_sm_requests_initializexenroll_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\certificatemanagement\a8741d44\95e9fa81\App_Web_4bnfyesh.11.cs:line 0
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously)

Inner Exception:Message:Error executing child request for ../../sm/requests/SubscriberEnrollExecute.aspx.
Type:System.Web.HttpException
Source:System.Web
Stack Trace:
   at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)
   at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)
   at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm)
   at System.Web.HttpServerUtility.Transfer(String path)
   at Microsoft.Clm.Web.InitializeXEnroll.hidButton_Click(Object sender, EventArgs e)
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)</Data>
  </EventData>
</Event>

Thanks,
Greg
December 3rd, 2009 6:40pm

This topic is archived. No further replies will be accepted.
