SCP login results in "Schannel" events in System event log

Version 4

    Verified Product Versions

    Management Center 10.0Management Center 10.1Environment Manager 10.0Environment Manager 10.1


    When logging into the Server Configuration Portal you may notice an error in the System event log. First of all, check if the error corresponds with the exact same time you logged into the SCP as this error can be raised from other applications. If the error correlates with the SCP login please see the steps below to rectify the issue.



    A fatal error occurred when attempting to access the SSL Client credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10003.


    It is worth noting that this error does not stop you from logging into the SCP.



    Typically this error relates to a permissions problem on the certificate pair keys folder, sub-folders or files: C:\ProgramData\Microsoft\Crypto\RSA


    Before we make any changes we need to work out where the problem is and the best way to do this is to use Process Monitor from Windows Sysinternals. Within Process Monitor you can create a filter (see below) for the above RSA folder and then generate a capture whilst logging into the SCP.


    You should then be able to identify the folders or files where the file operation results in an access denied message. Example below:

    Note: The filenames will be different in every environment as they are generated when a certificate is create/imported.


    In the above example, the permissions on the following two files were incorrect:




    The correct permissions for the certificate files are as follows:


    SYSTEM = Full Control



    Once your certificate files and folders permissions are correct, you should find that the error in the event log no longer occurs.