After upgrading Signotaur to Version 1.1.0.14 I am no longer able. The message is “Login failed : Network Error”.
The Windows event log of the server is flooded with these events:
“A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from cryptographic module is 0x8009030D. The internal error state is 10001.”
My feeling is that this is triggered by the installation of the new .NET Runtime or ASP.NET Core.
BTW, I have no problems to access ContinuaCI on the same system.
This error indicates that the SSL certificate used to configure HTTPS for the Signotaur web service cannot be accessed - specifically, the service process does not have permission to access its private key.
Did you change the SSL certificate or the Signotaur service user account during the upgrade or installation?
If you’re using a PFX file as the certificate, make sure it was exported with a private key. You can check this by running the following PowerShell commands:
If you’re using a certificate from the Windows certificate store (specified by subject), confirm that the user account running the Signotaur service has permission to access the private key:
Open MMC (Run → mmc)
Add the Certificates snap-in → Computer account
Navigate to the certificate (usually under Personal → Certificates)
Right-click the certificate → All Tasks → Manage Private Keys
In the Security dialog, verify that the Signotaur service account is listed and has access
You can verify which certificate is being used by checking the configuration file at: C:\ProgramData\VSoft\Signotaur\Server\Signotaur.Server.config.json
under Site → Certificate.
Also worth checking:
If you’re using a password-protected PFX, and the password may have changed, rerun the Signotaur installer to re-enter it.
Make sure the certificate hasn’t expired - an expired or invalid cert could possibly trigger the same error.
Note that the server logs at C:\ProgramData\VSoft\Signotaur\Server\Logs may provide a little more detail on the cause of this error.
After verifying all your suggestions I still wasn’t able to get it working. So I decided to make a clean installation on another system. After adding a dedicated user account I executed the setup and hopefully entered all information correctly. I opted for a self-signed certificate leaving the password empty. The Firewall got some rules to allow the configured port.
When browsing to the web interface the connection is closed immediately and the Schannel errors appear in the event log.
I must be doing something fundamentally wrong.
BTW: The system is a VM with Windows 10 Pro 22H2 Build 19045.6456
Update: After adding the Signotaur user to the admin group I am a step further.
Not sure what permission I missed to set. I skipped the Cert Store permission because I could not identify any certificate I should give permission to. None of those I tried offered to manage private keys.
So, I am able to run my FinalBuilder project from my system getting the desired results. Next step was to run FinalBuilder from the ContinuaCI project, but that fails.
The Signotaur action in FB gives an error Access to server denied with error code 3. Inspecting the Events in the Signotaur server matches that:
“Access to server denied” means that the api key provided is invalid, not found on the server or an error occurred while evaluating it - if there was an error then this should be logged to C:\ProgramData\VSoft\Signotaur\Server\Logs.
Note that we have found a possible reason why you needed extra admin permissions for the certificate and will put out a new release with a fix shortly.
finally I found the culprit: The API key variable in the FB project for some reason contained a backslash before the final equal sign (“XXX\=” instead of “XXX=”). Not sure what caused this, but I tried several things yesterday and some of them might as well have been plain stupid.
It’s great that you found a possible reason for the access problems. I will try the fixed version as soon as it is available.
