Microsoft KB Archive/841798

= "Machine Certificate cannot be installed" error message in Windows XP =

Article ID: 841798

Article Last Modified on 5/28/2004


APPLIES TO


 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional

SYMPTOMS
When you try to install a machine certificate on a Microsoft Windows XP-based computer, you may receive the following error message:

Machine Certificate cannot be installed, Error 0x80090016 NTE_BADKEYSET



CAUSE
This issue may occur if you perform an unattended installation of Windows XP, and you configure the installation to host the user profiles on a drive or drive partition other than the startup drive partition. In this situation, the permissions inheritance from the MachineKeys folder may not work correctly. After the Setup program requests a certificate, the private key file is created in the MachineKeys folder. This file does not inherit full control permissions from the MachineKeys folder.



WORKAROUND
To work around this issue, follow these steps:

 1. Create a batch file named SetMachineACLs.bat with the following commands:

    convert d: /FS:NTFS
    rmdir "D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys"
    regsvr32 rsaenh.dll
    rmdir "D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys"
    regsvr32 dssenh.dll

 2. Save the SetMachineACLs.bat file in the c:\scripts folder.
 3. Edit the Unattend.bat file to add the following switches to the winnt32 command line:

    /copydir:i386\scripts /cmd:c:\scripts\SetMachineACLs.bat

Keywords: kbprb KB841798


© Microsoft Corporation. All rights reserved.