Failed to create Cryptographic Service Provider

[mabordo]

Hey @all,
i am configure our Backup Enviroment with a Job to backup a few VMs. In the Options of the Job i set "enable backup file encryption" and adding a new Password to this one.
But now, when i start the Job it Fails with the Error: "The keyset is not defined. Failed to create Cryptographic Service Provider"

Could anyone help to solve this Problem?

Thanks

[veremin]

Looks like specific Windows XP problem, I'm not sure however why you got it in your case. May be a cryptocontainer got corrupted or something similar.

The best idea would be to open a ticket with our support team and let them confirm your environment.

Thanks.

[ian0x0r]

Thought id post a reply to this as I couldn't find much out about it. In my case when you get the cryptographic error with error code 0x80090019 it turned out to be the service account assigned to the Veeam services. Try changing the account used by the Veeam services and see if it resolves the issue.

Ian

[Sergey_M]

Hello colleagues,
We've found out that issue is likely to be related to Windows Profile. Hence, you may completely delete profile from Veeam Server and it will be created automatically after next log-in under service account (domain administrator, for instance).

[hennels]

Morning, onsite Windows support for one of our clients changed the Veeam Server Windows credentials.
Veeam services would not start, changed services to new .\administrator & password, all started without issue.
Since the change, no jobs are succeeding, error message below:

Code: Select all

2017-08-28 9:41:02 AM :: Processing *VM*: The keyset is not defined.
Failed to create Cryptographic Service Provider.
--tr:Error code: 0x80090019  

I'm not finding any solid info here. Jobs are not encrypted, CryptSVC service stopped and started and in running state.
Any ideas?

[gunaseelan]

Hi Dear All,
I am very new to the veeam product, I am trying to learn with security related task
I am supporting a security company, Our ITSM team asking the below questions
Could you please help me with the below, I raised a ticket with veeam and they suggest to post in R&D forum.
Case No: #05700729
1) whether Veeam Cryptographic module failure is logged anywhere?
2)RSA 2048 encryption on Veeam Backup & Replication -where to see the encryption strength?
3)Certificate cryptographic-based controls implemented -The signature hash algorithm is sha256 Public key is RSA
4) All Cryptographic materials are generated randomly complying with FIPS 140-2 - steps to see? Any proof to show customer or ITSM team?
5) Location of the key and certificate of Veeam Backup & Replication reside?
6) For the COnfiguration backup encryption where is the hash or key kept to secure the database?
7) What is the algorithm of used for configuring the backp password?
How to enable the encryption

Advance Thanks for your help

Thanks & Regards,
Guna

[PetrM]

Hello,

Please let me have some time to work on the questions above and discuss them with my colleagues. I'll update the topic once I have more information.

Thanks!

[gunaseelan]

Hi Petr Makarov,

Thanks for your reply..!!!!!!!!!!!!!!! advance thanks for your support

[PetrM]

Hi Guna,

First of all, please review this page of our help center, it contains the detailed description of all encryption standards used in the product and provides answers to some of your questions.

Answering your questions:
1) whether Veeam Cryptographic module failure is logged anywhere?
Yes, of course. All failures of the module are logged by the components that use it in the corresponding debug logs.

2)RSA 2048 encryption on Veeam Backup & Replication -where to see the encryption strength?
To get more details about the recommended key lengths, please refer to this website and to this NITS document.

3) Certificate cryptographic-based controls implemented -The signature hash algorithm is sha256 Public key is RSA
This question is not clear. Would you be so kind to clarify what exactly are you looking for?

4) All Cryptographic materials are generated randomly complying with FIPS 140-2 - steps to see? Any proof to show customer or ITSM team?
Here is the FIPS compliance page plus Veeam Cryptographic Module is mentioned on NIST page (CMVP). I think it should be more than enough to show to a customer.

5) Location of the key and certificate of Veeam Backup & Replication reside?
It's on Veeam B&R server in the local machine certificate store - both public and private keys.

6) For the COnfiguration backup encryption where is the hash or key kept to secure the database?
The configuration backup is encrypted with a user key stored in the configuration database. The manual input of the encryption key is required during configuration restore. Please see this section of our help center.

7) What is the algorithm of used for configuring the backp password?
A user creates a password for backup encryption key manually. The PBKDF2 (SHA-1, 10k iterations) is used for generating the root key for backup encryption.

8 ) How to enable the encryption
In backup job settings.

Thanks!