Comprehensive data protection for all workloads
Post Reply
mabordo
Influencer
Posts: 13
Liked: never
Joined: Mar 03, 2015 7:16 am
Full Name: Marcelo Bordon
Contact:

Failed to create Cryptographic Service Provider

Post by mabordo »

Hey @all,
i am configure our Backup Enviroment with a Job to backup a few VMs. In the Options of the Job i set "enable backup file encryption" and adding a new Password to this one.
But now, when i start the Job it Fails with the Error: "The keyset is not defined. Failed to create Cryptographic Service Provider"

Could anyone help to solve this Problem?

Thanks
veremin
Product Manager
Posts: 20355
Liked: 2287 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Failed to create Cryptographic Service Provider

Post by veremin »

Looks like specific Windows XP problem, I'm not sure however why you got it in your case. May be a cryptocontainer got corrupted or something similar.

The best idea would be to open a ticket with our support team and let them confirm your environment.

Thanks.
ian0x0r
Veeam Vanguard
Posts: 238
Liked: 55 times
Joined: Nov 11, 2010 11:53 am
Full Name: Ian Sanderson
Location: UK
Contact:

Re: Failed to create Cryptographic Service Provider

Post by ian0x0r »

Thought id post a reply to this as I couldn't find much out about it. In my case when you get the cryptographic error with error code 0x80090019 it turned out to be the service account assigned to the Veeam services. Try changing the account used by the Veeam services and see if it resolves the issue.

Ian
Check out my blog at www.snurf.co.uk :D
Sergey_M
Veeam Software
Posts: 1
Liked: never
Joined: May 10, 2016 7:42 am
Contact:

Re: Failed to create Cryptographic Service Provider

Post by Sergey_M »

Hello colleagues,
We've found out that issue is likely to be related to Windows Profile. Hence, you may completely delete profile from Veeam Server and it will be created automatically after next log-in under service account (domain administrator, for instance).
hennels
Novice
Posts: 3
Liked: never
Joined: Jul 01, 2015 2:19 pm
Contact:

[MERGED] Windows credential change - jobs failing

Post by hennels »

Morning, onsite Windows support for one of our clients changed the Veeam Server Windows credentials.
Veeam services would not start, changed services to new .\administrator & password, all started without issue.
Since the change, no jobs are succeeding, error message below:

Code: Select all

2017-08-28 9:41:02 AM :: Processing *VM*: The keyset is not defined.
Failed to create Cryptographic Service Provider.
--tr:Error code: 0x80090019  
I'm not finding any solid info here. Jobs are not encrypted, CryptSVC service stopped and started and in running state.
Any ideas?
gunaseelan
Novice
Posts: 3
Liked: 1 time
Joined: Nov 02, 2022 8:12 am
Full Name: Anbazhagan Gunaseelan
Contact:

Re: Failed to create Cryptographic Service Provider

Post by gunaseelan »

Hi Dear All,
I am very new to the veeam product, I am trying to learn with security related task
I am supporting a security company, Our ITSM team asking the below questions
Could you please help me with the below, I raised a ticket with veeam and they suggest to post in R&D forum.
Case No: #05700729
1) whether Veeam Cryptographic module failure is logged anywhere?
2)RSA 2048 encryption on Veeam Backup & Replication -where to see the encryption strength?
3)Certificate cryptographic-based controls implemented -The signature hash algorithm is sha256 Public key is RSA
4) All Cryptographic materials are generated randomly complying with FIPS 140-2 - steps to see? Any proof to show customer or ITSM team?
5) Location of the key and certificate of Veeam Backup & Replication reside?
6) For the COnfiguration backup encryption where is the hash or key kept to secure the database?
7) What is the algorithm of used for configuring the backp password?
8) How to enable the encryption

Advance Thanks for your help

Thanks & Regards,
Guna
PetrM
Veeam Software
Posts: 3594
Liked: 602 times
Joined: Aug 28, 2013 8:23 am
Full Name: Petr Makarov
Location: Prague, Czech Republic
Contact:

Re: Failed to create Cryptographic Service Provider

Post by PetrM »

Hello,

Please let me have some time to work on the questions above and discuss them with my colleagues. I'll update the topic once I have more information.

Thanks!
gunaseelan
Novice
Posts: 3
Liked: 1 time
Joined: Nov 02, 2022 8:12 am
Full Name: Anbazhagan Gunaseelan
Contact:

Re: Failed to create Cryptographic Service Provider

Post by gunaseelan » 1 person likes this post

Hi Petr Makarov,

Thanks for your reply..!!!!!!!!!!!!!!! advance thanks for your support
PetrM
Veeam Software
Posts: 3594
Liked: 602 times
Joined: Aug 28, 2013 8:23 am
Full Name: Petr Makarov
Location: Prague, Czech Republic
Contact:

Re: Failed to create Cryptographic Service Provider

Post by PetrM »

Hi Guna,

First of all, please review this page of our help center, it contains the detailed description of all encryption standards used in the product and provides answers to some of your questions.

Answering your questions:
1) whether Veeam Cryptographic module failure is logged anywhere?
Yes, of course. All failures of the module are logged by the components that use it in the corresponding debug logs.

2)RSA 2048 encryption on Veeam Backup & Replication -where to see the encryption strength?
To get more details about the recommended key lengths, please refer to this website and to this NITS document.

3) Certificate cryptographic-based controls implemented -The signature hash algorithm is sha256 Public key is RSA
This question is not clear. Would you be so kind to clarify what exactly are you looking for?

4) All Cryptographic materials are generated randomly complying with FIPS 140-2 - steps to see? Any proof to show customer or ITSM team?
Here is the FIPS compliance page plus Veeam Cryptographic Module is mentioned on NIST page (CMVP). I think it should be more than enough to show to a customer.

5) Location of the key and certificate of Veeam Backup & Replication reside?
It's on Veeam B&R server in the local machine certificate store - both public and private keys.

6) For the COnfiguration backup encryption where is the hash or key kept to secure the database?
The configuration backup is encrypted with a user key stored in the configuration database. The manual input of the encryption key is required during configuration restore. Please see this section of our help center.

7) What is the algorithm of used for configuring the backp password?
A user creates a password for backup encryption key manually. The PBKDF2 (SHA-1, 10k iterations) is used for generating the root key for backup encryption.

8 ) How to enable the encryption
In backup job settings.

Thanks!
Post Reply

Who is online

Users browsing this forum: No registered users and 116 guests