Sunday, February 19, 2012

Error in Application log

Windows XP Pro and SQL Server Personal 2000 with sp3
I get three errors that are very similar
I would appreciate some guidance
Unprotection of auditable protected data.
Data Description: SQL Server Registration
Key Identifier: 96b4b79c-9197-4c12-a733-d773753fedd8
Protected Data Flags: 0x0
Protection Algorithms: 3DES-168 , SHA1-160
Failure Reason: 0x8009000B
For more information, see Help and Support Center at

Hi Mark,
The problem seems to be related to Protected Storage and password, OS
security feature. Have you performed an administrative password reset or
change password?
On Windows XP, Protected Storage uses the user's password exclusively to
encrypt user data, such as RSA private keys for current user key container.
Whenever the user password is changed, Protected Storage subsystem is
automatically notified of
this event, and is supplied with both the old and new passwords. This
allows Protected Storage to decrypt all of its master keys with the old
password, and re-encrypt them using the new password.
Prior to Windows XP, a machine secret was used by Protected Storage to
encrypt the master RSA keys rather than the user password exclusively.
Using a machine secret made Protected Storage more robust, but the user
data could be accessed by anyone with local administrative access to the
machine.
If you use the standard change password mechanism by entering the old and
new passwords, everything will work fine. If you performed an
administrative password reset, the old password is not available, and so
access to the master keys is lost. This is by design in Windows XP. In this
scenario, CryptAcquireContext() API will fail with NTE_BAD_KEYSET
(80090016), even if the key container already exists and the caller has
permissions to open the key container.
You will also get a "Failure Audit" 599 Event ID in the Security Log with
the following description
Unprotection of auditable protected data.
Data Description: Export Flag
Key Identifier: 38fb8fc8-7c1e-40bc-aa8f-00d94ef0056e
Protected Data Flags: 0x0
Protection Algorithms: 3DES-168 , SHA1-160
Failure Reason: 0x8009000B
It is best to post in Windows-specific newsgroups for accurate information.
I am providing the information based on my research.
1. One could use Password Recovery Disk as explained in Q290260, if the
customer already made one and if this is a Windows XP-based computer that
is member of a workgroup.
2. If the user puts their password back to what it was originally when the
key container/RSA key pair was initially created, then everything will work
fine thereafter.
290260 EFS, Credentials, and Private Keys from Certificates Are Unavailable
http://support.microsoft.com/?id=290260
Bill Cheng
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
--
| From: "Mark A Gregory" <mgregory@.gt.com.au>
| Subject: Error in Application log
| Date: Fri, 1 Aug 2003 22:13:48 +1000
| Lines: 23
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <u8JveZCWDHA.1480@.tk2msftngp13.phx.gbl>
| Newsgroups: microsoft.public.sqlserver.server
| NNTP-Posting-Host: 203.34.248.5
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.sqlserver.server:299038
| X-Tomcat-NG: microsoft.public.sqlserver.server
|
| Windows XP Pro and SQL Server Personal 2000 with sp3
|
| I get three errors that are very similar
| I would appreciate some guidance
|
|
| Unprotection of auditable protected data.
|
| Data Description: SQL Server Registration
|
| Key Identifier: 96b4b79c-9197-4c12-a733-d773753fedd8
|
| Protected Data Flags: 0x0
|
| Protection Algorithms: 3DES-168 , SHA1-160
|
| Failure Reason: 0x8009000B
|
|
|
| For more information, see Help and Support Center at
|
|
Hi Mark,
The problem seems to be related to Protected Storage and password, OS
security feature. Have you performed an administrative password reset or
change password?
It is best to re-post this issue in Windows-specific newsgroups for
accurate information since this newsgroup focuses on SQL Server specific
issues only.
I've included some information for your reference based on my research.
1. One could use Password Recovery Disk as explained in Q290260, if the
customer already made one and if this is a Windows XP-based computer that
is member of a workgroup.
2. If the user puts their password back to what it was originally when the
key container/RSA key pair was initially created, then everything will work
fine thereafter.
290260 EFS, Credentials, and Private Keys from Certificates Are Unavailable
http://support.microsoft.com/?id=290260
If the information does not help, please re-post in the
microsoft.public.windowsxp.security_admin or
microsoft.public.windowsxp.general for a better response. The reason why we
recommend posting appropriately is you will get the most qualified pool of
respondents, and other customers who use the newsgroups regularly can
either share their knowledge or learn from your interaction with us.
On Windows XP, Protected Storage uses the user's password exclusively to
encrypt user data, such as RSA private keys for current user key container.
Whenever the user password is changed, Protected Storage subsystem is
automatically notified of this event, and is supplied with both the old and
new passwords. This allows Protected Storage to decrypt all of its master
keys with the old password, and re-encrypt them using the new password.
Prior to Windows XP, a machine secret was used by Protected Storage to
encrypt the master RSA keys rather than the user password exclusively.
Using a machine secret made Protected Storage more robust, but the user
data could be accessed by anyone with local administrative access to the
machine.
If you use the standard change password mechanism by entering the old and
new passwords, everything will work fine. If you performed an
administrative password reset, the old password is not available, and so
access to the master keys is lost. This is by design in Windows XP. In this
scenario, CryptAcquireContext() API will fail with NTE_BAD_KEYSET
(80090016), even if the key container already exists and the caller has
permissions to open the key container.
You will also get a "Failure Audit" 599 Event ID in the Security Log with
the following description
Unprotection of auditable protected data.
Data Description: Export Flag
Key Identifier: 38fb8fc8-7c1e-40bc-aa8f-00d94ef0056e
Protected Data Flags: 0x0
Protection Algorithms: 3DES-168 , SHA1-160
Failure Reason: 0x8009000B
Bill Cheng
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
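
An added example (not part of the thread and not Microsoft's implementation): a simplified Python model of the behaviour described in both replies above, where a master key is wrapped only under a key derived from the user's password. The names `Account`, `wrap`, `unwrap` and the PBKDF2/HMAC construction are assumptions chosen for illustration; Protected Storage's real algorithms and storage format differ.

```python
import hashlib, hmac, os

def _kek(password, salt):
    # Key-encryption key derived from the user's password only (no machine secret).
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, 4000, dklen=32)

def _stream(key, n):
    # Toy keystream built from HMAC in counter mode; stands in for a real cipher.
    blocks = (hmac.new(key, b"enc" + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def wrap(master_key, password):
    salt = os.urandom(16)
    kek = _kek(password, salt)
    ct = bytes(a ^ b for a, b in zip(master_key, _stream(kek, len(master_key))))
    tag = hmac.new(kek, b"mac" + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(blob, password):
    kek = _kek(password, blob["salt"])
    expected = hmac.new(kek, b"mac" + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        # Models the failure audit: the data cannot be unprotected.
        raise ValueError("master key cannot be unprotected with this password")
    return bytes(a ^ b for a, b in zip(blob["ct"], _stream(kek, len(blob["ct"]))))

class Account:
    def __init__(self, password):
        self.password = password
        self.blob = wrap(os.urandom(24), password)  # constructed sample master key

    def change_password(self, old, new):
        # Standard change: the old password is supplied, so the master key
        # is decrypted with it and re-encrypted under the new one.
        self.blob = wrap(unwrap(self.blob, old), new)
        self.password = new

    def admin_reset(self, new):
        # Administrative reset: the old password is unknown, so the blob
        # stays wrapped under it and only the logon password changes.
        self.password = new

    def open_keys(self):
        return unwrap(self.blob, self.password)
```

Setting the password back to its original value after a reset makes `open_keys()` succeed again, which is the second workaround listed in the reply.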
