Microsoft KB Archive/943358

= Error message on a computer that is running Windows XP when you select a certificate for a Web site: &quot;The page cannot be displayed&quot; =

Article ID: 943358

Article Last Modified on 10/12/2007

-

APPLIES TO


 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional

-



SYMPTOMS
On a computer that is running Windows XP, you visit a Web site that requires a client certificate. You are prompted to select a certificate as expected. However, after you select the appropriate certificate, you receive one of the following error messages, as appropriate for the version of Windows Internet Explorer that is running:  Windows Internet Explorer 7 for Windows XP

Internet Explorer cannot display the webpage

 Microsoft Internet Explorer 6

The page cannot be displayed



Additionally, you experience the following symptoms:   The following Error event is logged in the System log: Event Type: Error

Event Source: Schannel

Event ID: 36870

Description: A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0x80090016.  You may receive the following error message when you try to install a certificate by using a certificate enrollment Web page such as the Microsoft Windows Certification Authority Web page:

Unable to install the certificate:

Error: 080090016





CAUSE
This problem occurs if the following conditions are both true:
 * Your user profile is located on a drive that is formatted with the NTFS file system.
 * You do not have sufficient rights to the private key in the user profile.

This problem may occur if the default permissions in the profile folder structure have been modified. This problem occurs if your user account is no longer listed in the Permissions list for the profile folder.

Note Because the FAT file system and the FAT32 file system do not support security permissions on files and on folders, you do not experience this problem if the profile is located on a drive that is formatted to use the FAT file system.



RESOLUTION
To resolve this problem, grant the appropriate rights to the private key. To do this, use one of the following methods.

Method 1: Use the command-line
 Click Start, click Run, type cmd, and then click OK.</li> At the command prompt, type the following command, and then press ENTER:

cacls &quot;%appdata%\Microsoft\Crypto\RSA&quot; /t /e /c /g %userdomain%\%username%:F

</li> Exit the Command Prompt window, and then exit Windows Internet Explorer, if it is running.</li></ol>

Method 2: Use the graphical user interface (GUI)
<ol> If you are running Windows XP Home Edition, start the computer in safe mode. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Start the computer, and then press F8 repeatedly.</li> On the startup menu that appears, use the ARROW keys to select Safe Mode, and then press ENTER.</li></ol> </li> Log on to Windows by using your user account.</li> Configure Windows to show hidden files and folders. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, and then click My Computer.</li> On the Tools menu, click Folder Options.</li> Click the View tab, click Show hidden files and folders, and then click OK.</li></ol> </li> Start Windows Explorer, and then locate the following folder:



</li> Right-click the RSA folder, and then click Properties.</li> Click the Security tab, and then click Advanced.

Note The default permissions that appear in the Permissions entries list on the Permissions tab are listed in &quot;More Information&quot; section. By default, these permissions are inherited from your profile folder.</li> Click to select the Replace permission entries on all child objects with entries shown here that apply to child objects check box, and then click OK.</li> Click Yes when you are prompted to replace the permissions, and then click OK.</li> <li>If you are running Windows XP Home Edition, restart the computer in normal mode.</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
The following table displays the default permissions that appear in the Permission entries list on the Permissions tab of the Advanced Security Settings for RSA dialog box in Windows XP.

Keywords: kbeventlog kberrmsg kbexpertisebeginner kbtshoot kbprb KB943358

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.