Applies to:
Microsoft Windows 2008 R2
Venafi Encryption Director 6.1
Symptom:
The following error occurs when accessing WebAdmin:
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Error reading configuration information from the registry.
Source Error:
Line 42: </add>
Line 43: </httpModules>
Line 44: <identity impersonate="true" userName="registry:HKLM\SOFTWARE\Venafi\Platform\Identity\ASPNET_SETREG,userName" password="registry:HKLM\SOFTWARE\Venafi\Platform\Identity\ASPNET_SETREG,password" />
Line 45: </system.web>
Line 46: <!--
Source File: C:\Program Files\Venafi\Web\Admin\web.config Line: 44
Cause:
This issue was encountered after an upgrade from Director 6.0.2 to 6.1 using Windows Auth User Account Credentials.
Resolution:
Do the following to solve the issue:
- Open a Command prompt using an Administrator account with elevated privileges.
- Change directory to c:\Program Files\Venafi\Utilities\
cd "c:\Program Files\Venafi\Utilities\"
- Run the aspnet_setreg.exe utility.
aspnet_setreg.exe -k:SOFTWARE\Venafi\Platform\Identity -u:username@domain.com -p:password
• Domainname is your organization’s domain name.
• Username is the Windows Auth User account.
• Password is the password for the Windows Auth User account. - Click Start > Run, then type “regedit” and click OK.
- Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Venafi\Platform\Identity\ASPNET_SETREG
- In the Left hand Navigation Pane right click on ASPNET_SETREG and choose export. Save the file.
- Right Click on the the file just saved and choose edit.
- Change the location of the registry entry in the file.
Current Location:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Venafi\Platform\Identity\ASPNET_SETREG]
Change to:
[HKEY_LOCAL_MACHINE\SOFTWARE\Venafi\Platform\Identity\ASPNET_SETREG]
Note: The aspnet_setreg.exe is a 32 bit utility and Windows 2008 R2 is a 64 bit utility. For this reason, the utility creates the credentials under the Wow6432Node directory instead of the 64 bit location. We are just moving the credentials to the proper location using a .reg file. - Double click on the newly created .reg file.
- Open up WebAdmin and login should now be possible.
Comments
At one customer I was working with, we had to use -u:username@fqdn.domainname.com instead of -u:domain\username in order to make this work.. something to try if the steps above don't work immediately.