We are facing a weird problem while reading the Private Key from the self-signed certificate.
The application is running on IIS7 on Windows 2008 Server. After running successfully for several days (or sometimes weeks), the C#.NET program fails to read the certificate from the User Store.
After doing a lot of research and trying to reproduce the issue, we did not find anything wrong in the code. We finally contacted Microsoft Support and realized that the issue is related to the user profile, which gets deactivated when somebody interactively logs out of Windows Server. The moment the user session is logged out, a particular program named CertificateServicesClient stops working for the ‘USER’ account, and the application fails because it is deployed on IIS, and IIS is impersonating using the ‘USER’ account.
If you’re facing exactly the same problem, the following is the solution we found with the help of Microsoft Support:
1. Open the IIS Manager
2. Go to ‘Application Pools’.
3. Select the application pool being used by your application.
4. Select ‘Advanced Settings…’ from the right-side action panel.
5. In Advanced Settings, under the ‘Process Model’ section, set the property “Load User Profile” to “True”.
This setting tells IIS to load the user profile itself, irrespective of whether the user is interactively logged in or not.
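The same change can be scripted and audited with appcmd.exe, which ships with IIS 7. The following is an added example, not part of the original post or of Microsoft's guidance: it reports the identity and “Load User Profile” value of every application pool, enables the setting for one pool, and confirms the result. The pool name `MyAppPool` is a placeholder assumption.

```powershell
# Added example: scripted equivalent of the IIS Manager steps above.
# Run from an elevated PowerShell prompt on the IIS server.
# 'MyAppPool' is a placeholder; pass the pool your application uses.
param([string]$PoolName = 'MyAppPool')

$appcmd = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'
if (-not (Test-Path $appcmd)) { throw "appcmd.exe not found at $appcmd" }

function Get-PoolSetting([string]$Pool, [string]$Property) {
    # With /text:<attribute>, appcmd prints only that attribute's value.
    $value = & $appcmd list apppool $Pool "/text:$Property"
    if ($LASTEXITCODE -ne 0) { throw "appcmd could not read pool '$Pool'" }
    return ("$value").Trim()
}

# 1. Audit: show which pools run under an account without its profile loaded.
$pools = & $appcmd list apppool "/text:name" | Where-Object { $_ }
$report = foreach ($p in $pools) {
    New-Object PSObject -Property @{
        Pool            = $p
        IdentityType    = Get-PoolSetting $p 'processModel.identityType'
        LoadUserProfile = Get-PoolSetting $p 'processModel.loadUserProfile'
    }
}
$report | Format-Table Pool, IdentityType, LoadUserProfile -AutoSize

# 2. Enable "Load User Profile" on the target pool if it is not already set.
if ($pools -notcontains $PoolName) { throw "No application pool named '$PoolName'" }
if ((Get-PoolSetting $PoolName 'processModel.loadUserProfile') -ne 'true') {
    & $appcmd set apppool $PoolName "/processModel.loadUserProfile:true" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "appcmd could not update pool '$PoolName'" }
}

# 3. Verify by reading the value back from the IIS configuration.
$after = Get-PoolSetting $PoolName 'processModel.loadUserProfile'
if ($after -ne 'true') { throw "Load User Profile is still '$after' on '$PoolName'" }
Write-Output "Load User Profile is enabled on '$PoolName'."
```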