locked
Windows 2012 R2: Crypto Shell Extensions has stopped working on an attmpt to install CA Root certificate. RRS feed

  • Question

  • On an attempt to install CA Root certificate exported from an MS AD domain onto a standalone MS Server Windows 2012 R2 Standard I am getting "Crypto Shell Extensions has stopped working" error message at the very last step to import the certificate in Certificate Import Wizard. The CA Root certificate is valid for for 25 years, I have no problem installing it on my MS Windows 7 desktop though.

    Next gets logged in Windows Application Event Log:

    Fault bucket , type 0
    Event Name: APPCRASH
    Response: Not available
    Cab Id: 0

    Problem signature:
    P1: rundll32.exe_cryptext.dll
    P2: 6.3.9600.17415
    P3: 54504eb8
    P4: ncryptprov.dll
    P5: 6.3.9600.17415
    P6: 545042f2
    P7: c0000005
    P8: 0000000000011b85
    P9:
    P10:

    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
      <Provider Name="Windows Error Reporting" />
      <EventID Qualifiers="0">1001</EventID>
      <Level>4</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2016-05-18T20:26:45.000000000Z" />
      <EventRecordID>1051</EventRecordID>
      <Channel>Application</Channel>
      <Computer>vaultnv1</Computer>
      <Security />
      </System>

    - <EventData>
      <Data />
      <Data>0</Data>
      <Data>APPCRASH</Data>
      <Data>Not available</Data>
      <Data>0</Data>
      <Data>rundll32.exe_cryptext.dll</Data>
      <Data>6.3.9600.17415</Data>
      <Data>54504eb8</Data>
      <Data>ncryptprov.dll</Data>
      <Data>6.3.9600.17415</Data>
      <Data>545042f2</Data>
      <Data>c0000005</Data>
      <Data>0000000000011b85</Data>
      <Data />
      <Data />
      <Data />
      <Data>C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_cry_5e77194d83e64aae6bea8811e1e158fe8fa5e7a_f9f82d40_2157a85e</Data>
      <Data />
      <Data>0</Data>
      <Data>acb6030e-1d35-11e6-80bb-e41f13d540c8</Data>
      <Data>2048</Data>
      <Data />
      </EventData>
      </Event>

    -----------------------------------------------------------------------------------------------------------------------------

    Faulting application name: rundll32.exe_cryptext.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
    Faulting module name: ncryptprov.dll, version: 6.3.9600.17415, time stamp: 0x545042f2
    Exception code: 0xc0000005
    Fault offset: 0x0000000000011b85
    Faulting process id: 0x828
    Faulting application start time: 0x01d1b142680ae27f
    Faulting application path: C:\Windows\system32\rundll32.exe
    Faulting module path: C:\Windows\system32\ncryptprov.dll
    Report Id: acb6030e-1d35-11e6-80bb-e41f13d540c8
    Faulting package full name:
    Faulting package-relative application ID:

    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
      <Provider Name="Application Error" />
      <EventID Qualifiers="0">1000</EventID>
      <Level>2</Level>
      <Task>100</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2016-05-18T20:18:25.000000000Z" />
      <EventRecordID>1050</EventRecordID>
      <Channel>Application</Channel>
      <Computer>vaultnv1</Computer>
      <Security />
      </System>
    - <EventData>
      <Data>rundll32.exe_cryptext.dll</Data>
      <Data>6.3.9600.17415</Data>
      <Data>54504eb8</Data>
      <Data>ncryptprov.dll</Data>
      <Data>6.3.9600.17415</Data>
      <Data>545042f2</Data>
      <Data>c0000005</Data>
      <Data>0000000000011b85</Data>
      <Data>828</Data>
      <Data>01d1b142680ae27f</Data>
      <Data>C:\Windows\system32\rundll32.exe</Data>
      <Data>C:\Windows\system32\ncryptprov.dll</Data>
      <Data>acb6030e-1d35-11e6-80bb-e41f13d540c8</Data>
      <Data />
      <Data />
      </EventData>
      </Event>

    Any help will be appreciated.

    Thanks,

    Leo

    Thursday, May 19, 2016 8:57 PM

Answers

  • Thanks Lain. I've got an open service request with CyberArk people and was told that at least in the past they had a similar issue had happening after a server undergo their server hardening procedure. I was recommended to use certmgr command line utility, what I did to get a certificate installed. That solved my issue. Thank you for replying.
    • Marked as answer by Leo Kol Tuesday, May 31, 2016 5:16 PM
    Tuesday, May 31, 2016 5:16 PM
  • Hi Leo,

    The certificate won't be the cause of the issue. Essentially, what your crash information at the top highlights is a fault in the crypto API resulting in an "access denied" condition. This brings it back to some form of issue with the DLLs that make up the cryptographic library.

    There's no easy way forward with this, however, I would point out that KB2919355 - sometimes known as "update 1" for Windows Server 2012 R2/8.1 has a spiritual successor in KB3000850 (which I, at least, refer to as update 2 given it's size and introduction of new features).

    You might want to try applying KB3000850 in the hope it brings the library versions - much like the stars, into alignment.

    Cheers,
    Lain

    • Edited by Lain Robertson Wednesday, May 25, 2016 11:16 PM Formatting.
    • Marked as answer by Leo Kol Tuesday, May 31, 2016 5:16 PM
    Wednesday, May 25, 2016 11:16 PM

All replies

  • Hi,

    First, please try to run the DISM to check if there is any corrupt system file:

    https://support.microsoft.com/en-us/kb/947821

    Also, please make sure that the server has been fully patched.

    Best Regards,


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, May 23, 2016 4:02 AM
  • Thanks Steven. As it appears the server is up to date as far as I can tell. The server security is hardened and I can't access the Internet from the box though. I've checked that  Windows8.1-KB2919355-x64, Windows8.1-KB2932046-x64, Windows8.1-KB2934018-x64, Windows8.1-KB2937592-x64 and Windows8.1-KB2938439-x64 are installed. I wonder if a service or something along that line is not running and preventing the certificate to be installed. I am going try to deploy a different cert see if any cert is failing.

    Thank you again,
    Wednesday, May 25, 2016 5:29 PM
  • No certificate can be installed. The wizard quits after "Finish" button is clicked.
    Wednesday, May 25, 2016 5:42 PM
  • I've run "sfc /scannow" on the server, no integrity violations were found.
    Wednesday, May 25, 2016 5:50 PM
  • Hi Leo,

    The certificate won't be the cause of the issue. Essentially, what your crash information at the top highlights is a fault in the crypto API resulting in an "access denied" condition. This brings it back to some form of issue with the DLLs that make up the cryptographic library.

    There's no easy way forward with this, however, I would point out that KB2919355 - sometimes known as "update 1" for Windows Server 2012 R2/8.1 has a spiritual successor in KB3000850 (which I, at least, refer to as update 2 given it's size and introduction of new features).

    You might want to try applying KB3000850 in the hope it brings the library versions - much like the stars, into alignment.

    Cheers,
    Lain

    • Edited by Lain Robertson Wednesday, May 25, 2016 11:16 PM Formatting.
    • Marked as answer by Leo Kol Tuesday, May 31, 2016 5:16 PM
    Wednesday, May 25, 2016 11:16 PM
  • Thanks Lain. I've got an open service request with CyberArk people and was told that at least in the past they had a similar issue had happening after a server undergo their server hardening procedure. I was recommended to use certmgr command line utility, what I did to get a certificate installed. That solved my issue. Thank you for replying.
    • Marked as answer by Leo Kol Tuesday, May 31, 2016 5:16 PM
    Tuesday, May 31, 2016 5:16 PM