Fixing keyset errors on the neuron

These steps apply if you have trouble setting up your neuron and find one of the following errors in the event logs (under IoT Gateway/Events/):

  • “Unable to get access to cryptographic key for database file C:\ProgramData\IoT Gateway\Data\<FILE_NAME>. (Object already exists.) Was the database created using another user?”
  • “Unable to get access to cryptographic key for database file C:\ProgramData\IoT Gateway\Data\<FILE_NAME>. (Keyset does not exist.) Was the database created using another user?”
  • “Unable to get access to cryptographic key for database file C:\ProgramData\IoT Gateway\Data\<FILE_NAME>. (Access denied.) Was the database created using another user?”

You installed the neuron in a bad way. What happened to me was that I had run the installer as administrator. This then creates the encryption keys, and then when the neuron starts running, it does not have the privileges to read them.

I recommend reading all the steps once before beginning the restoration. And always be careful: I figured out these steps on a computer that did not have any sensitive or important data, so I was not worried about breaking anything. Lastly, I would not consider myself deeply knowledgeable about the Windows operating system, so take everything with a grain of salt and preferably double-check that what you are doing is correct.

What to do:

  1. Uninstall the neuron
  2. Delete everything in IoT Gateway/Data (be careful as this will delete all persistence files/data on the neuron)
  3. Go to ProgramData/Microsoft/Crypto/RSA/MachineKeys
  4. What we need to do here is delete all the keys created by the installer; these are the persistence encryption keys generated by the installer. There are probably multiple ways of finding the correct files to delete, but one way is to find every file containing a file path relating to /IoT Gateway. To do this, download and extract the Windows utility tools at https://learn.microsoft.com/en-gb/sysinternals/downloads/psexec .
  5. Run PowerShell as administrator and navigate to the folder containing the tools.
  6. Run “./PsExec.exe -i -s C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe”. This will start a PowerShell instance running as the SYSTEM user (this is necessary to later read the machine keyset files).
  7. Accept the terms and conditions of the external tool. Be careful from here on, since this PowerShell session is running as SYSTEM.
  8. Navigate to C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
  9. Run the command: “findstr /s /m /c:"IoT Gateway" *”. This will list all the files containing the string “IoT Gateway” in their content. (The /c: prefix makes findstr search for the whole phrase; without it, findstr treats the space as a separator and matches files containing either word.) You should be good to go to delete all those files (you can do that with the file explorer as a normal administrator), but be careful not to delete any other files. If you are comfortable, you could create a script to delete these files, but it should not take too long to do it manually, especially if you only have the Files.master file in /Data (every file there has its own encryption keyset). A few tips to speed up the process of deleting the keys:
  • The keys are usually adjacent when sorting by Date modified in Windows Explorer.
  • Whenever you see a large gap in Date modified, look in both files to see if they are part of the IoT Gateway keysets (run Get-Content <filename> in the PowerShell running as SYSTEM), or check that the files are in the file list output by findstr.
  10. Then lastly reinstall the neuron as normal.

Now it should work as normal again.
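Step 9 mentions that the cleanup could be scripted. The following is an added example, not part of the original post: it lists the machine key files that contain the string “IoT Gateway” and then shows what would be deleted without deleting anything. The helper name Get-NeuronKeyFile is hypothetical, and the script assumes it is run in the SYSTEM PowerShell from step 6.

```powershell
# Added example (not from the original post). Run in the SYSTEM PowerShell from step 6.
$KeyDir = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
$Marker = 'IoT Gateway'   # same string the findstr step searches for
# ISO-8859-1 maps every byte to exactly one character, so the binary
# key files can be searched as text the same way findstr does.
$Latin1 = [System.Text.Encoding]::GetEncoding(28591)

function Get-NeuronKeyFile {   # hypothetical helper name
    Get-ChildItem -LiteralPath $KeyDir -File -Force | ForEach-Object {
        $file = $_
        try {
            $text = $Latin1.GetString([System.IO.File]::ReadAllBytes($file.FullName))
            # Ordinal, case-sensitive match, like findstr without /i
            if ($text.Contains($Marker)) { $file }
        } catch {
            # A file that cannot be read is reported, never silently skipped
            Write-Warning "Could not read $($file.Name): $($_.Exception.Message)"
        }
    }
}

# Sorted by modification time so the "block" created by the installer is visible
$keyFiles = @(Get-NeuronKeyFile | Sort-Object LastWriteTime)
$keyFiles | Format-Table Name, LastWriteTime, Length -AutoSize
"{0} file(s) contain '{1}'" -f $keyFiles.Count, $Marker

# Dry run: -WhatIf prints each file that would be removed and deletes nothing.
# Compare the list with the findstr output, then remove -WhatIf to delete.
$keyFiles | Remove-Item -Force -WhatIf
```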

Notes:

  • These instructions could also be useful if you manually deleted all the files in /Data and get one of these errors when trying to reinstall the neuron.
  • If you don’t want to use these external tools, another way of finding out which files to delete is to find the keys created at the same time as you installed the neuron, make yourself the owner of the file, and give yourself read permission to see if they are the correct ones (do this with the first and the last file in the time period when sorting by date modified, to find which “block” of keys was created by the installer). However, I would recommend the first way explained, since it carries less risk of deleting or changing permissions on unwanted files.

#neuron, #tutorial, #install, #troubleshooting, #error

