Encryption used by MET/CONNECT and Windows 10 Build 2004

It was recently discovered that the new Windows 10 build 2004 (released on December 8, 2020) causes an issue with the Microsoft encryption libraries used by MET/CONNECT. This does not appear to be an issue with any previous Windows 10 build (1909, 1903, etc.) or with MET/TEAM.

https://docs.microsoft.com/en-us/windows/release-information/

Symptoms

Some of the symptoms of this issue are the failure to create trial licenses or multiple error message when attempting to access the Manage Licenses dialog from MET/CAL.

In the log files, you will see an “Access is denied” error similar to the following:

2020-12-11 18:19:51 478             GetDatabaseIdentifier

2020-12-11 18:19:51 515             GetCipherText exception

2020-12-11 18:19:51 515             Access is denied.

                                                         

2020-12-11 18:19:51 552                at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)

                                                             at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)

                                                             at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)

                                                             at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)

                                                             at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()

                                                             at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)

                                                             at Fluke.Calibration.Encryption.Encryption.CreateServerCipherText(String dbIdentifier)

                                                             at MetConnect.Storage.ConMetcalStorage.GetCipherText()

Resolution:

To resolve this issue…

1. Open File Explorer on the MET/CONNECT or MET/TEAM Server
2. Navigate to the C:\ProgramData\Microsoft\Crypto\RSA folder.
3. Right-click on the \MachineKeys sub-folder and select Properties from the popup menu to display the MachineKeys Properties dialog.
4. On the Security tab, click the Edit button to display the Permissions for MachineKeys dialog.
5. Select the Users item in the Group or user names list and check the Allow column checkbox for the Full Control item in the Permissions for Users list.
6. Click OK to save the change and close the MachineKeys Properties dialog.  

This should resolve the issue. If you encounter similar issues on a MET/CAL workstation, repeat this process on the workstation machine.