When adding servers to the credential database a Cryptographic error occurs
Exception: Cryptography initialization failed: access denied to the 'BindView' cryptographic key-container, which is normally accessible only to Administrators in CBVProcessManager
This error occurs due to a file system permission. The user that the service called "Symantec RMS Process Manager" runs under need access to some fo the cryptographic files.
- Go to services and open the properties of the service called "Symantec RMS Process Manager"
- Click on "Log On" tab
- Verify the user name (by default it will runs as Local System Account) if not note the user name.
- Go the the File System to the folder called:
- On Windows 2008 = C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
- On Windows 2003 = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
- Locate a file with name starting by "114fb2f290c4eb42ff9a8e937b320d73" (each file name finishing by a unique id. i.e. "114fb2f290c4eb42ff9a8e937b320d73_ca7d0021-856a-4b3e-852a-7e18de46f54b"
- Open this file with notepad and check that it contains the string "Bindview"
- Example of a file
- Close Notepad
- Right click on Properties for this file
- Click on Security tab
- Make sure the user called "SYSTEM" has Full Control (if you running as Local System service)
- Else add the user that the service uses to the permission list with Full control
- Close this Windows
- Restart the Symantec RMS Process Manager Service
You can go back to the Credential Database and add agents credentials without this error occuring anymore.
RMS Console - Credential DB - ControlCompliance Suite (CCS) 10.5.1