Monday, December 17, 2012

Adding User Credential to the TridionRsaKeyContainer

In order to make modification to the Tridion MMC Snap-in such as the database settings, your user account will need access to the TridionRsaKeyContainer.

Ever get this annoying "Access is denied" error when you tried to add yourself to the TridionRsaKeyContainer? I have plenty of times.....



I always thought that the original Administrator account who did the Tridion installation can grant this access. But what if the original user account that was used was deleted or the employee left the company? Then you're screwed........ ok, that's not true!

Here's a way around it with the use of Microsoft PSTools


2) Unzip the tools to somewhere on the server
3) Drop out to a command prompt and go to where PSTools is unzipped
4) Run:    psexec -i -s cmd.exe (This should open another command prompt window)
5) In the new command prompt windows, navigate to where aspnet_regiis is (should be in c:\Windows\Microsoft.Net\Framework64\v4.0.30319 
6) Run:   aspnet_regiis -pa "TridionRsaKeyContainer" "Domain\UserName"

SUCCESS! Access is granted!

Hope this helps if anyone ever run into this issue.

Kudos to Brandon Truong from SDL Support!
Posted by at

6 comments:

  1. NivlongDecember 19, 2012 at 2:50 PM

    Ah, I've just ignored that error to set things in the snap-in anyways. I think at least the "hide organizational items" works regardless of the error.

    Thanks for sharing, Robert!

    ReplyDelete
  2. RobertDecember 19, 2012 at 4:23 PM

    Hi Alvin

    I think you can make all changes in the snap-in except for the database settings. If you're an admin trying to connect the CM to a different DB, you will definitely need to have access to the Tridion RSA key (Ignoring the error in this case will not allow you to save the changes)

    Thanks for the note!

    ReplyDelete
  3. UnknownNovember 14, 2013 at 1:20 AM

    If still Face issue use -

    aspnet_regiis -pa "TridionRsaKeyContainer" "domain\use" -full

    ReplyDelete
  4. MaheshNovember 20, 2016 at 10:11 PM

    On one of Tridion environment MTSUser is able to give this permissions to other admin accounts and it works successfully . But on production instance we are not able give same permissions to other user from MTSUser. It says access is denied as above screenshot. We cannot install ps tools there . Any help

    ReplyDelete
    Replies
    1. RobertNovember 20, 2016 at 11:13 PM

      It's likely a permission issue with that user. You can temporarily grant admin right to this user and try again

      Delete
  5. doodlehackerAugust 30, 2017 at 12:22 PM

    excellent

    ReplyDelete

Subscribe to: Post Comments (Atom)