Reputation: 11218
sn.exe fails with Access Denied error message
I get an Access is Denied error message when I use the strong name tool to create a new key to sign a .NET assembly. This works just fine on a Windows XP machine but it does not work on my Vista machine.
PS C:\users\brian\Dev\Projects\BELib\BELib> sn -k keypair.snk
Microsoft (R) .NET Framework Strong Name Utility Version 3.5.21022.8
Copyright (c) Microsoft Corporation. All rights reserved.
Failed to generate a strong name key pair -- Access is denied.
What causes this problem and how can I fix it?
Are you running your PowerShell or Command Prompt as an Administrator? I found this to be the first place to look until you get used to User Access Control or by turning User Access Control off.
Yes I have tried running PS and the regular command prompt as administrator. The same error message comes up.
Upvotes: 15
Views: 8957
Answers (6)
Reputation: 131
Updating this for Win 10+:
The new path is: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
Since System is the owner of the folder, you will need to change it to a user or group that has Administrator access. Once you've done this, you can proceed to alter the permission on Everyone to Read/Write.
Upvotes: 0
Reputation: 19020
Just to update this a bit: I ran into the same problem on Vista. My local user on the PC had no problem but then we switched to a domain and my domain user (albeit having local admin rights) got "Access Denied". I granted my domain user access rights to C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys and that fixed it.
Upvotes: 3
Reputation:
Some people rebuild their machines to resolve this problem, but it can be solved by giving user access to the key container C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys Each container created using sn.exe -i is located in the MachineKeys directory (unless you specify elsewhere). The default key container that is used by sn.exe is also in that location.
In case you reset your key container to a new one, and forget where it is.. you can reset the key container for the strong name utility using sn.exe -c. So, if the account access fix doesn't work, you may be using an alternate key store so a reset may be in order.
Upvotes: 2
Reputation: 119816
Why not fire up sysinternals Process Monitor too see what you can see, it's the first thing I always do when I get any kind of access denied message?
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Upvotes: 3
Reputation: 18270
Yes I have tried running PS and the regular command prompt as administrator. The same error message comes up.
Another possible solution could be that you need to give your user account access to the key container located at C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Upvotes: 31
Reputation: 18270
Are you running your PowerShell or Command Prompt as an Administrator? I found this to be the first place to look until you get used to User Access Control or by turning User Access Control off.
Upvotes: 3
Related Questions
- How to diagnose 'Strong name validation failed.' 0x8013141A errors
- Exception in .NET strong name API invocation. Error while getting key info for '<my .snk file path>': Strong name key container not found
- C# Assembly Strong Name error although signed
- How do I debug "strong name validation failed"?
- Strong Name sn.exe: Failed to install key pair -- Object already exists
- How to undo sn.exe -Vr *
- Access denied running sn.exe on Windows 7
- Can't skip .net strong name verification on windows
- Strong name validation failure on Import-Module
- Strong name validation failure exception in ASP.NET