X509Certificate2 raises "The Smart card resource manager is not running" exception

  • Article

Hi all,

Some time ago a customer of mine was getting a CryptographicException with message "The Smart card resource manager is not running" when using X509Certificate2 object in a Windows service. This was the call stack at the point of exception:

 

at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)    

at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)    

at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()    

at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)    

at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()

 

The service was running as NETWORK SERVICE, and it worked fine when running as SYSTEM. Error happened on Windows 7, but everything worked fine on Windows XP.

The cause of the issue is that .NET is calling SCardEstablishContext API behind the scenes, and the user running the service doesn't have enough permissions to run the API. More details on the issue and potential solutions can be found in this other post of mine: SCardEstablishContext fails with SCARD_E_NO_SERVICE error.

I hope this helps.

Regards,

 

Alex (Alejandro Campos Magencio)