IIS 7 and Above
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys is filling my disk sp...
Last post Apr 17, 2015 07:02 AM by XaviN
Apr 16, 2015 03:25 AM|XaviN
Our web application sends and receives information from remote web services. Each time our application makes a connection to a remote web service (https) to obtain some information, one or more files are created in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.
We detected that this directory has a size of 1Gb and contains more than 900.000 files, but we don't understand the reason for the creation of these files.
These files have names like...
There is a problem with the IIS service if I try to empty this directory, because IIS stores some encryption keys there for iisConfigurationKey, NetFrameworkConfigurationKey and iisWasKey.
Is anyone else experiencing the same situation?
Apr 16, 2015 10:34 PM|Ken Schaefer
Do you have any security software installed on the machine? There are various reports on the internet that software like ESET performs "MITM" SSL inspection, and thus can end up issuing vast amounts of fake SSL certs to perform this.
Apr 16, 2015 10:36 PM|Pengzhen Song - MSFT
The MachineKeys folder stores certificate pair keys for both the computer and users. Whenever a certificate request is generated for the machine, a new file is created in this location. This is true even if the certificate request fails.
What I would recommend doing is checking all Enterprise CAs you have in the environment and looking for failed certificate requests. If you can find a significant amount, investigate the certificate template listed in the error and correct it or unpublish it from all the CAs. Once corrected/unpublished, wait 24 hours to see if the buildup in the MachineKeys folder stops.
For more information, please refer to the discussion:
To delete the files in the folder, we can find the files that are not useful and delete them. Please refer to the discussion:
Hope it can help you.
Apr 17, 2015 05:12 AM|XaviN
Thank you for your comments. We are now investigating your approaches. When I find the origin of the issue I will write back.
Apr 17, 2015 07:02 AM|XaviN
We found the problem. It happens when we sign the SAML ticket with the certificate (X509Certificate Class) before sending it to the remote web service (SSL).
At the end of the SAML signing process, there was no call to the Reset method, which frees all resources related to the certificate used.
After this change, we have seen that the keys in the MachineKeys directory appear when we sign the SAML ticket and then disappear when I call X509Certificate.Reset().
On the other hand, we focused on removing all unused keys in this directory. First, we identified the main keys related to Windows encryption components. Our list is as follows:
- Microsoft Internet Information Server -> c2319c42033a5ca7f44e731bfd3fa2b5 ...
- NetFrameworkConfigurationKey -> d6d986f09a1ee04e24c949879fdb506c ...
- iisWasKey -> 76944fb33636aeddb9590521c2e8815a ...
- WMSvc Certificate Key Container -> bedbf0b4da5f8061b6444baedf4c00b1 ...
- iisConfigurationKey -> 6de9cb26d2b98c01ec4e9e8b34824aa2 ...
- MS IIS DCOM Server -> 7a436fe806e483969f48a894af2fe9a1 ...
- TSSecKeySet1 -> f686aace6942fb7f7ceb231212eef4a4 ...
Now we are working on a script to remove all keys except those that start with the key names listed above.
Thank you for your help.
See you soon
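
One way to write the cleanup script described in the last post, as an added example (not the poster's script). It assumes Windows PowerShell 5.1 in an elevated session; the parameter names and the 7-day age threshold are assumptions, and it only reports unless `-Remove` is passed. Beyond the post's prefix list, it also keeps key files that back certificates installed in the LocalMachine stores.

```powershell
# Added example: report-only by default; pass -Remove to delete (also honours -WhatIf).
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Path = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
    [int]$MinAgeDays = 7,   # assumption: newer files may belong to operations still running
    [switch]$Remove
)

# File-name prefixes of the system key containers listed in the post above.
$keepPrefixes = @(
    'c2319c42033a5ca7f44e731bfd3fa2b5',  # Microsoft Internet Information Server
    'd6d986f09a1ee04e24c949879fdb506c',  # NetFrameworkConfigurationKey
    '76944fb33636aeddb9590521c2e8815a',  # iisWasKey
    'bedbf0b4da5f8061b6444baedf4c00b1',  # WMSvc Certificate Key Container
    '6de9cb26d2b98c01ec4e9e8b34824aa2',  # iisConfigurationKey
    '7a436fe806e483969f48a894af2fe9a1',  # MS IIS DCOM Server
    'f686aace6942fb7f7ceb231212eef4a4'   # TSSecKeySet1
)

# Also keep key files that back certificates installed in the machine stores.
$inUse = @{}
Get-ChildItem Cert:\LocalMachine -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and $_.HasPrivateKey } |
    ForEach-Object {
        try {
            $name = $_.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
            if ($name) { $inUse[$name] = $true }
        } catch { }   # keys without CSP container info (for example CNG keys) are skipped
    }

$cutoff = (Get-Date).AddDays(-$MinAgeDays)
$candidates = Get-ChildItem -LiteralPath $Path -File -Force | Where-Object {
    $file = $_
    -not ($keepPrefixes | Where-Object { $file.Name -like "$_*" }) -and
    -not $inUse.ContainsKey($file.Name) -and
    $file.LastWriteTime -lt $cutoff
}

'{0} candidate files, {1:N1} MB' -f @($candidates).Count,
    ((($candidates | Measure-Object Length -Sum).Sum) / 1MB)

if ($Remove) {
    foreach ($f in $candidates) {
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete orphaned key file')) {
            Remove-Item -LiteralPath $f.FullName -Force
        }
    }
}
```

Run it without `-Remove` first and compare the reported count with the folder's growth; `-Remove -WhatIf` lists each file that would be deleted without touching it.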