Follow

Error: Unable to Download PKCS#12 From Aperture and WebAdmin (Temporary Profile)

Applies to:

All versions of Venafi

Symptom:

When trying to save a certificate including the private key, it fails. The private key can not be stored.

Cause:

A common cause for this is if the user is currently using a temporary windows profile. That is, when a profile is created for the logged-on user due to inaccessibility of the "real" windows profile. This temporary profile has limited access to temporary file storage, and when trying to store the private key, it fails.

https://msdn.microsoft.com/en-us/library/windows/desktop/bb776898%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

WHY this happens varies, but can include some process running that delays the full load of a profile too long (e.g. virus scanning) or an error actually loading the profile.

Similar Issue / Cause:

https://support.venafi.com/hc/en-us/articles/232076748

The resolution is similar, but slightly different, so please be sure which is actually applicable.

Resolution:

Either the old profile needs to be restored, or a new "full" profile created.  This article (at the time of writing this) has several details:

https://www.itsmdaily.com/easy-how-to-fix-temporary-profile-in-microsoft-windows-and-microsoft-server/

The short version though looks something like this:

  1. Using RegEdit, find the current temporary profile. The "original" profile will have a BAK appended to it. The profiles are stored under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  2. Rename the current profile to .NEW and then remove the .BAK extension, restoring the registry portion of the original profile.

Try logging off and back on. If this works, you're done. If not, you may need to just delete the old profile and build a new one, as follows (again, the short version):

  1. Log on as a local administrator, or someone ELSE who has admin rights - not the affected user.
  2. Backup the original profile on the disk (in later versions of Windows, usually under c:\Users) by making a copy. This is to preserve any user files.
  3. Remove the offending user from the system via the Control Panel | Manage Users.
  4. Log off and the back on as the user. This will create a brand-new real / full profile.
  5. Go to the backed up files (step 2) and restore whatever is missing.

Once you're logged in with a full profile, the problem should be resolved and the private key should be able to be stored/downloaded.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments