CryptAcquireContext API fails with with Error Code: 8009000b -Non-Admin user Win 2019 Server PC

Copper Contributor

Hello,

 

In a specific PC with Win 2019 Server OS build 17763, for a Non-Admin user CryptAcquireContext API fails with with Error Code: 8009000b.

In contrast the same CryptAcquireContext works for a Non-Admin user  in other PC with similar OS configuration. Problem is faced in one particular PC. We have checked the same in various OS configurations. Everywhere it is working for Non-Admin User. Please find the below spec.

Seaswara_0-1663635243484.png

 

In addition we observed the same problem in another PC, that is has 

Win10 Enterprise which is new since until now we’ve seen this issue with Win Server only .

 

Seaswara_0-1663659316154.png

 

 

CryptAcquireContext(&hProv, nullptr, nullptr, PROV_RSA_FULL, 0)

I tried the with the below dwFlags as well.

CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET

if (CryptAcquireContext(&hProv, nullptr, nullptr, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET)).

These keys also fail, and possible reason could be access denied.

We are unsure how the same is working in other PC with similar configuration (“for Non-Admin user”). What could be the reason for failing in one specific PC. Kindly, let us know.

 

Pasting the code snippet below

 

#include <new>

#include <windows.h>
#include <wincrypt.h>
#include <wintrust.h>
#include <stdio.h>
#include <tchar.h>
#include <atlconv.h>
#include <conio.h>
//#include "SignatureVerify.h"
#pragma comment(lib, "crypt32.lib")

#define ENCODING (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING)


BOOL DecryptKey(const BYTE* encryptValue = nullptr, size_t encryptSize = 0, BYTE* originalValue = nullptr, LPCTSTR szKey = L"")
{
BOOL bResult = TRUE;
HCRYPTPROV hProv = NULL;
HCRYPTKEY hKey = NULL;
HCRYPTKEY hXchgKey = NULL;
HCRYPTHASH hHash = NULL;
auto originalTemp = new BYTE[encryptSize];
DWORD dwLength = 0;
// Get handle to user default provider.
_tprintf(L"\nGet handle to user default provider.\n");
if (CryptAcquireContext(&hProv, nullptr, nullptr, PROV_RSA_FULL, 0))
{
// Create hash object.
_tprintf(L"\nCreate hash object.\n");
if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
{
// other logics to follow that takes care of decryption
// ---
// ----
// -----
}
else
{
// Error during CryptCreateHash!
bResult = FALSE;
_tprintf(L"Error during CryptCreateHash\n");
}
CryptReleaseContext(hProv, 0);
}
else
{
_tprintf(L"\CryptAcquireContext Failed with Error Code: %x\n", GetLastError());
}
delete[] originalTemp;
return bResult;
}
int _tmain(int argc, WCHAR* argv[])
{
LPCTSTR pExePath;

if (argc <= 1)
{
// pExePath = L"C:\\Windows\\System32\\mapi32.dll";
//pExePath = L"C:\\Users\\UserName\\Downloads\\putty.exe";
}
else
{
//Otherwise use first argument from command line
pExePath = argv[1];
}
BYTE pbKey[20];
BYTE serialNum[16];
DecryptKey();

_getch();
return 0;
}

0 Replies