VMware Cloud Community
benny_hauk
Enthusiast
Enthusiast

How to Fix SSL failures after cloning ssl-enabled VM (or any sysprep'd svr)

Problem:

I used VMWare Converter with customizations enabled (new UUID/SID generated) to create a clone of an existing web server that had an SSL cert installed for https usage.

After the process ended the SSL site on the clone wouldn't respond (it would connect then immediately disconnect). Regular HTTP worked, but HTTPS wouldn't. I finally found this error in the System Event Log (source=Schannel):

"A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016."

Solution:

Copy all files in the MachineKey folder on the source machine to the MachineKey folder on the new (destination) machine - the idea is that making the machine unique changes these files (at least their names). The MachineKey folder is located at:

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

Run IISRESET.

It ought to work now. If it still doesn't work see caveat #2 below.

Caveats:

1) When I did this none of the files copied from the source overwrote the files on the destination (I think that's the idea as to why it failed). If it says it's going to overwrite, proceed at your own risk - make backups of the little files being overwritten first.

2) You may have to apply proper security to those files you copied after copying - Verify that those files have proper permissions after the copy (Administrator/SYSTEM: FULL CONTROL). If they have empty permissions assign them the proper rights.

Benny Hauk Systems Admin, VCP3/VCP4 LifeWay Chrstian Resources
Reply
0 Kudos
0 Replies