共用方式為


SharePoint 2013 - Machine decryption key is invalid.

When we browse SharePoint Central Administration we get following error

An unexpected error has occurred.

Once we successfully are able to browse the SharePoint Central Administration site we will consider the case as resolved.

Hopefully information below may help a few of us.

Open IIS manager –> Expand Sites --> Right Click on the appropriate Site and Explore

Note: In our case SharePoint Central Administration Web Application

Within the Web.config file set following

<CallStack="true"/>

<customErrors mode="Off"/>

Note: After Saving the changes to the web.config file we don't require an IISRESET

Browse the Central Administration Site again we see following error

Server Error in '/' Application

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Machine decryption key is invalid. It should be either "AutoGenerate", or 16 (for DES) or 48 (for 3DES and AES) Hex chars long, and may be followed by ",IsolateApps". Exception message from the underlying layer: Specified key is not a valid size for this algorithm.

Line 609: </transformers>

Line 610: </webParts>

Line 611: <machineKey validationKey="396FF381F6195D9D2CC839F84C1959B4BD39F8F319E41A3EAE8C9434EADBE52D" decryptionKey="057D241959C0054D7BCBF4B98A5494BA3E13E64CF6C5594A46C6E9D5E7B2C531" validation="HMACSHA256" />

Line 612: <sessionState mode="InProc" timeout="20" cookieless="UseCookies" />

Line 613: <roleManager>

Workaround:

Comment the following line in Web.Config file

<!-- <machineKey validationKey="396FF381F6195D9D2CC839F84C1959B4BD39F8F319E41A3EAE8C9434EADBE52D" decryptionKey="057D241959C0054D7BCBF4B98A5494BA3E13E64CF6C5594A46C6E9D5E7B2C531" validation="HMACSHA256" /> -->

After which we browsed the SharePoint Central Administration site and it works fine.

Root Cause:

This is because SharePoint configures MachineKey in the web.config for its sites which is HMACSHA256 requires a 256 bit key (64 hexadecimal characters, 32 bytes) , but is not explicitly setting the decryption value. Also assuming that MachineKey is not configured at a higher level (and is using the defaults).

Our issue is that our site's configuration uses the validationKey, decryptionKey, and validation value from site's web.config, instead of the decryption value from the machine.config. Since the Machine.Config's decryption value is 3DES which requires a 192 bit key (48 hexadecimal characters, 24 bytes), instead of HMACSHA256 requires a 256 bit key (64 hexadecimal characters, 32 bytes) , hence we get an error.

When then SharePoint Web Application within 2013 is getting provisioned it compiles the web.config file referring the machine.config file located under

C:\windows\Microsoft.NET\Framework64\v4.0.30319\Config

Open the Machine.Config file and search for machineKey validationKey and you would find following

<machineKey validationKey="C3FB30BE3696CC2C8ECD85B44D172442AADE8B86254025E54F1E66F16976D3A719CFE19A6E4F35901C1DFE2C72A4E69B4ECD17E2C44FEF0ACFAFD4BA6EB43D25" decryptionKey="AC7A658BD7D6C00045D9C48D8C13FBB40F2DE1941117E04E" validation="SHA1" decryption="3DES"/>

Note: Often when using pre built framework web applications they have hard coded the <machineKey> validationKey and decryptionKey values. The main reason for this is to add support for web farms as the forms authentication, view state and out of process session state all use these settings for security.

Solution:

As SharePoint 2013 uses .net framework 4.0 navigate to C:\windows\Microsoft.NET\Framework64\v4.0.30319\Config and comment the following line

<!-- <machineKey validationKey="C3FB30BE3696CC2C8ECD85B44D172442AADE8B86254025E54F1E66F16976D3A719CFE19A6E4F35901C1DFE2C72A4E69B4ECD17E2C44FEF0ACFAFD4BA6EB43D25" decryptionKey="AC7A658BD7D6C00045D9C48D8C13FBB40F2DE1941117E04E" validation="SHA1" decryption="3DES"/> –>

To update Root Web.Config file

Open IIS manager --> Select ServerName in Features views --> Click on Machine Key and set following (The Default Setting)

machinekey.jpg

Comments

  • Anonymous
    January 01, 2003
    Hmm, can be help full incase I face this in future
  • Anonymous
    January 01, 2003
    y? we dont have any topic. 4example win9.
  • Anonymous
    March 25, 2014
    Thanks for Sharing! In need of this configuration help