User Profile or Private Key Not Accessible [Fix]
Get things running with our expert solutions!
3 min. read
Updated on
Share this article
Improve this guide
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Key notes
- When the user profile or private key is not found, it's often the missing permissions to blame.
- A quick fix is to reset the security permissions.
- You could ask the IT administrator to move the user profile to a server where Terminal Services are enabled.ย
A Secure Sockets Layer, also known as an SSL, is a standard security technology for establishing an encrypted link between a server and a client. Manipulating isn’t all that easy, and it can usually result in error messages if not done right.
One good example is when you try to import a Secure Sockets Layer (SSL) private key certificate file into the local computer personal certificate store.
The message which appears is, An internal error occurred. Either the user profile is not accessible or the private key that you are importing might require a cryptographic service provider that is not installed on your system.
Luckily enough, there are solutions to these problems, and we have listed them in a step-by-step manner below.
Why are the user profile and private key not accessible?
According to Microsoft, there are three main causes for why this error occurs:
- Missing permissions: You have insufficient permissions to access the following folders:
DriveLetter:\DocumentsSettings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys - Another key exists: A third-party registry subkey exists that prevents IIS from accessing the cryptographic service provider
- Remote access: You are logged on to the computer remotely through a Terminal Services session, and the user profile is not stored locally on the server with Terminal Services enabled.
As you can imagine, knowing what causes the issue makes it easy to figure out the logical fixes.
What can I do if the user profile or private key is not accessible?
1. Reset permissions for the MachineKeys folder
- Right-click the MachineKeys folder
- Go to the Security tab, and click on Advanced.
- Select the Replace all child object permission entries with inheritable permission entries for this object checkbox, and click on OK to save the changes.
Once done, verify whether the Either the user profile is not accessible or the private key Internal Error is fixed.
2. Delete the third-party registry subkey
- Press Windows + R to open Run, type regedit, and then hit Enter.
- Click Yes in the UAC prompt.
- Go to the following path using the navigation pane:
HKEY_USERS\Default\Software\Microsoft\Cryptography\Providers
- If you find the Type 001 key, select it, and then hit Delete.
3. Store the user profile for the Terminal Services session locally
If this seems to be the case, ask your IT administrator to move the user profile to the server that has Terminal Services enabled.
Alternatively, you can also use roaming profiles. This will fix things when you get the An internal error occurred. Either the user profile is not accessible or the private key message.
By following these steps, you should now be able to import an SSL private key certificate file into the local computer personal certificate store without any more error messages.
Before you leave, find out how to create self-signed certificates in Windows.
If you’re aware of a solution we may have missed out on, share it in the comments section below so that other users can also try it.
