How to: Change the Security Permissions for the MachineKeys Directory

  • Article

If the following errors appear when users try to access Web services, the security permissions might not be set correctly for the MachineKeys directory on the application-tier server:

  • TF53010: An unexpected condition has occurred in a Team Foundation component. The information contained here should be made available to your site administrative staff.

  • TF14000: A critical error occurred while generating new download key. Shutting down the current AppDomain.

The service account for Team Foundation must have full access to the MachineKeys directory on the application-tier server. If the account does not have full access, you should update the permissions for that directory.

Required Permissions

To perform this procedure, you must be a member of the Administrators security group on the application-tier server for Team Foundation.

To change the security permissions for the MachineKeys directory in Windows Server 2003

  1. Log on to the application-tier server.

  2. Open Windows Explorer, and find the MachineKeys directory in the following location:

    Drive:\Documents and Settings\all users\Application Data\Microsoft\Crypto\RSA\MachineKeys

  3. Right-click the directory, and click Properties.

    Note

    If the directory does not appear, click Folder Options. On the View tab, click Show hidden files and folders.

    The MachineKeys Properties dialog box opens.

  4. Click the Security tab.

  5. Verify that Administrators and Everyone are listed under Group or user names. If they are not listed, perform the following steps:

    1. Click Add.

      The Select Users, Computers, or Groups dialog box opens.

    2. In From this location, type the name of the local computer, and click OK.

    3. In Enter the object names to select, type the name of the user group that is missing, and then click Check Names. Click the group account, and click OK twice.

  6. Perform the following steps to set the permissions of the service account for Team Foundation:

    1. Click the group name (for example, Administrators).

      Note

      If the Special Permissions check box is selected, do not clear it. This selection grants full access to all file and folder actions.

    2. Click Full Control.

      The following check boxes are selected automatically:

      Full Control

      Modify

      Read & Execute

      List Folder Contents

      Read

      Write

    3. Click Advanced.

    4. Select the Replace permission entries on all child objects with entries shown here that apply to child objects check box.

    5. Click OK to confirm the changes.

  7. Click OK to close the dialog box.

To change the security permissions for the MachineKeys directory in Windows Server 2008

  1. Log on to the application-tier server.

  2. Open Windows Explorer, and locate the MachineKeys directory in the following location:

    Drive:\ProgramData\Microsoft\Crypto\RSA

  3. Right-click the MachineKeys directory, and click Properties.

    Note

    If the directory does not appear, click Organize, and then click Folder Options. On the View tab, click Show hidden files and folders.

    The MachineKeys Properties dialog box opens.

  4. Click the Security tab.

  5. Verify that Administrators and Everyone are listed under Group or user names. If they are not listed, perform the following steps:

    1. Click Edit, and then click Add.

      The Select Users, Computers, or Groups dialog box opens.

    2. In From this location, type the name of the local computer, and click OK.

    3. In Enter the object names to select, type the name of the user group that is missing, and then click Check Names. Click the group account, and click OK twice.

  6. Perform the following steps to set the permissions of the service account for Team Foundation:

    1. Click the group name (for example, Administrators).

      Note

      If the Special Permissions check box is selected, do not clear it. This selection grants full access to all file and folder actions.

    2. Click Edit.

      The Permissions for MachineKeys dialog box opens.

    3. Click the group name, select the Full Control check box, and click OK.

    4. Click Advanced.

      The Advanced Security Settings for MachineKeys dialog box opens.

    5. Click the group name, and then click Edit.

      A second Advanced Security Settings for MachineKeys dialog box opens.

    6. Select the Replace all existing permissions on all descendants with inheritable permissions from this object check box.

    7. Click OK to confirm the changes.

  7. Click OK to close the dialog box.

See Also

Tasks

Resolving Problems Accessing Web Services

Other Resources

Correcting Connection and Configuration Procedures