Certutil -repairstore and HSM
Hi:

We are testing the following scenario. We have 2 W2k8 boxes, using an iSCSI shared storage volume. We want to set up a CA cluster using a HSM. So far, we have followed the instructions described in the article http://technet2.microsoft.com/windowsserver2008/en/library/7b78577c-fbd5-4b28-8f44-d15c26dfcc111033.mspx?mfr=true

We have set up the first node of the CA cluster, and of course, this CA used the HSM to generate and store its private key. However, we have problems setting up the second node. The second node has a connection with the same HSM, but when we run the command

certutil -repairstore My "{Serialnumber}"

it fails with the following error:

Private key is NOT exportable
ERROR: Certificate public key does not match private key.

The Serialnumber corresponds to the CA certificate that was exported from the first CA node. The HSM has only one partition that includes only the keys of the first node. Right now, we do not know why the certutil -repairstore command is failing, and would appreciate it if someone could give us some guidance.

FYI, the HSM is a Safenet Luna SA LRK020109.

Regards,
Luis.
June 20th, 2008 1:19am

You may need to include the CSP in the certutil -repairstore command line. For a CA computer using a Luna HSM, this would be:

certutil -f -csp "CSPName" -repairstore my "SerialNumber"

You need to replace the CSPName in the command above with the correct name for the current Luna CSP.

Also ensure that you have imported the certificate correctly into the machine store (run the Certificates console as local admin focused on the local machine).

HTH,
Brian
June 28th, 2008 8:25am
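The following PowerShell script is an added example, not code posted by Brian or anyone else in this thread, that walks through Brian's answer on a second cluster node: confirm the HSM CSP is registered, confirm the CA certificate is in the LocalMachine\My store (not the user store), list the key containers the CSP can see on the HSM partition, run certutil -repairstore with -csp, and verify that the certificate now has a bound private key. The CSP name and serial number are placeholders and must be replaced; the thread does not state the exact Luna or Utimaco CSP name, so take it from the output of "certutil -csplist". The interpretation of the two error messages in the comments is the usual reading of those certutil results, not something the thread confirms.

```powershell
# Added example (not from the thread): rebind a CA certificate in the local
# machine "My" store to its HSM-held private key through the HSM's CSP, with
# the pre-checks a second cluster node should pass before -repairstore.
# Assumptions (placeholders, not stated in the thread): replace $CspName with
# a name from "certutil -csplist" and $SerialNumber with the serial of the CA
# certificate exported from the first node.
param(
    [string]$SerialNumber = "REPLACE_WITH_CA_CERT_SERIAL",   # placeholder
    [string]$CspName      = "REPLACE_WITH_HSM_CSP_NAME"      # placeholder
)

function Invoke-Certutil {
    param([string[]]$Arguments)
    # Run certutil once and return its text output together with its exit code.
    $out = & certutil.exe @Arguments 2>&1 | Out-String
    return [pscustomobject]@{ ExitCode = $LASTEXITCODE; Output = $out }
}

function Get-MachineCertBySerial {
    param([string]$Serial)
    # Certificate serials in Cert:\ are upper-case hex without spaces.
    $normalized = $Serial.Replace(' ', '').ToUpper()
    Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.SerialNumber -eq $normalized }
}

# 1. The HSM CSP must be registered on this node, otherwise certutil cannot
#    reach the HSM key at all, whatever -csp value is passed.
$csps = Invoke-Certutil -Arguments @('-csplist')
if ($csps.Output -notmatch [regex]::Escape($CspName)) {
    throw "CSP '$CspName' is not registered on this node. Registered CSPs:`n$($csps.Output)"
}

# 2. The CA certificate must already be in LocalMachine\My (Brian's point about
#    importing with the Certificates console focused on the local machine).
$cert = Get-MachineCertBySerial -Serial $SerialNumber
if (-not $cert) {
    throw "No certificate with serial $SerialNumber in LocalMachine\My."
}

# 3. Show the key containers this CSP exposes from the HSM partition. If the
#    container holding the CA key is not listed, -repairstore cannot succeed:
#    'Certificate public key does not match private key' usually means a
#    container was found but holds a different key, and 0x80092004
#    (CRYPT_E_NOT_FOUND, 'Cannot find object or property') means no container
#    was found. Either way the fix is on the HSM side: this node has to be
#    registered to the same partition that holds the first node's key.
$keys = Invoke-Certutil -Arguments @('-csp', $CspName, '-key')
Write-Host "Key containers visible through '$CspName':`n$($keys.Output)"

# 4. Attempt the repair, binding the store certificate to the HSM key.
$repair = Invoke-Certutil -Arguments @('-f', '-csp', $CspName, '-repairstore', 'my', $SerialNumber)
Write-Host $repair.Output
if ($repair.ExitCode -ne 0) {
    throw "certutil -repairstore failed with exit code $($repair.ExitCode)."
}

# 5. Verify: the store entry should now show provider and key container
#    information, and the certificate object should report a private key.
$store = Invoke-Certutil -Arguments @('-store', 'my', $SerialNumber)
Write-Host $store.Output
$cert = Get-MachineCertBySerial -Serial $SerialNumber
if (-not $cert.HasPrivateKey) {
    throw "Repair reported success but the certificate still has no private key bound."
}
Write-Host "Certificate $SerialNumber is bound to a private key in '$CspName'."
```

Run it from an elevated PowerShell session on the second node, since both the LocalMachine store and the HSM client configuration are machine-wide. If step 3 lists no container for the CA key, stop there: re-running -repairstore with -f will not create a key the partition does not present to this node.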

Luis Carlos,

We are running into the same problem as you. We executed the repairstore as instructed by Brian and the same thing happened. Could you solve your problem?

Adrian
July 11th, 2008 6:19pm

Hi,

I'm trying to install the second cluster node according to these instructions: http://technet2.microsoft.com/windowsserver2008/en/library/7b78577c-fbd5-4b28-8f44-d15c26dfcc111033.mspx?mfr=true

When executing

certutil -f -csp "CSPName" -repairstore my "SerialNumber"

I get the error message:

No key provider information
Cannot find the certificate and private key for decryption.
CertUtil: -repairstore command FAILED: 0x80092004 (-2146885628)
CertUtil: Cannot find object or property.

What could be wrong? The HSM is a Utimaco CryptoServer S10 LAN.

danielu@avanade
May 26th, 2009 2:28pm

