SharePoint 2013 - Machine decryption key is invalid.
When we browse SharePoint Central Administration we get following error
An unexpected error has occurred.
Once we successfully are able to browse the SharePoint Central Administration site we will consider the case as resolved.
Hopefully information below may help a few of us.
Open IIS manager –> Expand Sites --> Right Click on the appropriate Site and Explore
Note: In our case SharePoint Central Administration Web Application
Within the Web.config file set following
<CallStack="true"/>
<customErrors mode="Off"/>
Note: After Saving the changes to the web.config file we don't require an IISRESET
Browse the Central Administration Site again we see following error
Server Error in '/' Application
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Machine decryption key is invalid. It should be either "AutoGenerate", or 16 (for DES) or 48 (for 3DES and AES) Hex chars long, and may be followed by ",IsolateApps". Exception message from the underlying layer: Specified key is not a valid size for this algorithm.
Line 609: </transformers>
Line 610: </webParts>
Line 611: <machineKey validationKey="396FF381F6195D9D2CC839F84C1959B4BD39F8F319E41A3EAE8C9434EADBE52D" decryptionKey="057D241959C0054D7BCBF4B98A5494BA3E13E64CF6C5594A46C6E9D5E7B2C531" validation="HMACSHA256" />
Line 612: <sessionState mode="InProc" timeout="20" cookieless="UseCookies" />
Line 613: <roleManager>
Workaround:
Comment the following line in Web.Config file
<!-- <machineKey validationKey="396FF381F6195D9D2CC839F84C1959B4BD39F8F319E41A3EAE8C9434EADBE52D" decryptionKey="057D241959C0054D7BCBF4B98A5494BA3E13E64CF6C5594A46C6E9D5E7B2C531" validation="HMACSHA256" /> -->
After which we browsed the SharePoint Central Administration site and it works fine.
Root Cause:
This is because SharePoint configures MachineKey in the web.config for its sites which is HMACSHA256 requires a 256 bit key (64 hexadecimal characters, 32 bytes) , but is not explicitly setting the decryption value. Also assuming that MachineKey is not configured at a higher level (and is using the defaults).
Our issue is that our site's configuration uses the validationKey, decryptionKey, and validation value from site's web.config, instead of the decryption value from the machine.config. Since the Machine.Config's decryption value is 3DES which requires a 192 bit key (48 hexadecimal characters, 24 bytes), instead of HMACSHA256 requires a 256 bit key (64 hexadecimal characters, 32 bytes) , hence we get an error.
When then SharePoint Web Application within 2013 is getting provisioned it compiles the web.config file referring the machine.config file located under
C:\windows\Microsoft.NET\Framework64\v4.0.30319\Config
Open the Machine.Config file and search for machineKey validationKey and you would find following
<machineKey validationKey="C3FB30BE3696CC2C8ECD85B44D172442AADE8B86254025E54F1E66F16976D3A719CFE19A6E4F35901C1DFE2C72A4E69B4ECD17E2C44FEF0ACFAFD4BA6EB43D25" decryptionKey="AC7A658BD7D6C00045D9C48D8C13FBB40F2DE1941117E04E" validation="SHA1" decryption="3DES"/>
Note: Often when using pre built framework web applications they have hard coded the <machineKey> validationKey and decryptionKey values. The main reason for this is to add support for web farms as the forms authentication, view state and out of process session state all use these settings for security.
Solution:
As SharePoint 2013 uses .net framework 4.0 navigate to C:\windows\Microsoft.NET\Framework64\v4.0.30319\Config and comment the following line
<!-- <machineKey validationKey="C3FB30BE3696CC2C8ECD85B44D172442AADE8B86254025E54F1E66F16976D3A719CFE19A6E4F35901C1DFE2C72A4E69B4ECD17E2C44FEF0ACFAFD4BA6EB43D25" decryptionKey="AC7A658BD7D6C00045D9C48D8C13FBB40F2DE1941117E04E" validation="SHA1" decryption="3DES"/> –>
To update Root Web.Config file
Open IIS manager --> Select ServerName in Features views --> Click on Machine Key and set following (The Default Setting)
Comments
- Anonymous
January 01, 2003
Hmm, can be help full incase I face this in future - Anonymous
January 01, 2003
y? we dont have any topic. 4example win9. - Anonymous
March 25, 2014
Thanks for Sharing! In need of this configuration help