C#.NET program on IIS7 failing to read the private key…

We are facing a weird problem while reading the Private Key from the self-signed certificate.

The application is running on IIS7 running on Windows 2008 Serer. After running successfully for several days (or sometimes weeks), the C#.NET program fails to read the certificate from the User Store.

After doing lot of research and trying to reproduce the issue, we did not find anything wrong in the code and, finally contacted Microsoft Support, and realized that the issue is related to user profile, which gets deactivated when somebody interactively logs out of Windows Server. The moment user session is logged out, a particular program named CertificateServicesClient stops working for the ‘USER’ account and the application fails because it is deployed on IIS, and IIS is impersonating using the ‘USER’ account.

If you’re facing exactly the same problem, following is the solution we found with the help of Microsoft Support:

1. Open the IIS Manager

2. Go the the ‘Application Pools’

3. Select the application pool being used by your application.

4. Select ‘Advanced Settings…’ from righ-side action panel.

5. In Advanced Setting, under ‘Process Model’ section, set the property “Load User Profile” to “True”.

IIS-Load-user-profile setting


This setting tell IIS to load the user profile itself, irrespective of whether the User is interactively logged-in or not.


Tagged: , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: