Identity Server – Error occurred during a cryptographic operation

YSOD:
Error occurred during a cryptographic operation

This one happened on our load-balanced servers and was a direct side-effect of using load-balancing with Identity Server v2.

If, for some reason, you need to make major changes (like picking a different crypto key), you need to recycle the app. Identity Server loads the crypto settings into memory and generates some keys during start-up. However, if you use the Identity Server admin interface to recycle, it only seems to recycle the current server (the one the load balancer happened to route you to). The other server will still be using the old settings. So, if you mess around with the keys (change permissions, rename or remove them, etc.) you will get this error on any server that was not recycled.

Solution: To resolve it, you need to remote into each affected server (Remote Desktop, or attach with MMC remotely) and recycle the app pool that is hosting your Identity Server web app.

Another approach is to avoid the error altogether: log into the Identity Server admin screens on each server (by its actual IP address or machine name instead of the load-balanced address), change your settings, and immediately recycle every app pool before any server has a chance to generate this error.
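The fix above boils down to "recycle the app pool on every node, not just the one the load balancer sent you to." The following PowerShell script is an added example (not from the original post or from Identity Server itself) that does exactly that from an admin workstation and reports the resulting state of each pool, so a node that silently stayed on the old keys is caught immediately. The node names IDSRV01/IDSRV02, the app pool name IdentityServerAppPool, and the availability of WinRM on each node are assumptions.

```powershell
# Added example: recycle the Identity Server app pool on every load-balanced
# node and confirm each one came back up. Not part of the original post.
# Assumptions: node names, app pool name, WinRM enabled, and an account that
# is a local administrator on each node.
$nodes   = @('IDSRV01', 'IDSRV02')        # assumed machine names
$appPool = 'IdentityServerAppPool'        # assumed app pool name

$results = Invoke-Command -ComputerName $nodes -ArgumentList $appPool -ScriptBlock {
    param([string]$PoolName)
    Import-Module WebAdministration

    # Report a missing pool rather than failing half-way through the fleet.
    if (-not (Test-Path "IIS:\AppPools\$PoolName")) {
        return [pscustomobject]@{ Node = $env:COMPUTERNAME; Pool = $PoolName; State = 'NOT FOUND' }
    }

    # Recycle this node's pool so Identity Server reloads its crypto settings.
    Restart-WebAppPool -Name $PoolName

    # Give the worker process a moment, then read back the pool state so the
    # operator can verify every node actually restarted.
    Start-Sleep -Seconds 2
    $state = (Get-WebAppPoolState -Name $PoolName).Value
    [pscustomobject]@{ Node = $env:COMPUTERNAME; Pool = $PoolName; State = $state }
}

$results | Select-Object Node, Pool, State | Format-Table -AutoSize

# Fail loudly if any node is not running, so the mismatch the post describes
# (one node on new keys, another still on the old ones) is caught here rather
# than surfacing later as the YSOD.
$bad = $results | Where-Object { $_.State -ne 'Started' }
if ($bad) {
    Write-Error "App pool '$appPool' is not running on: $($bad.Node -join ', ')"
}
```

Run it immediately after changing the crypto settings; because it targets each node by machine name, it sidesteps the load balancer entirely, which is the same idea as the "log into each server directly" workaround above, just scripted.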


About Tim Golisch

I'm a geek. I do geeky things.
This entry was posted in Errors, Lessons Learned.
