Crypt* calls failing?

Common crypto issue..

 

I have seen this more than once so I thought I would mention it here.

 

Calls to CryptProtectData  or CryptUnprotectData  fail with ERROR_FILE_NOT_FOUND or  other crypto calls fail either in context of the user or the system.  Part of tshooting this should be to  check the following reg paths:

 

System:

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

User:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

 

Specifically – the AppData value should read %USERPROFILE%\Application Data

 

If this value is bad or the value is missing, all kinds of odd things fail due to the process not being able to determine where key data is, or sometimes the system will fail to find needed data under:

\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache

 

A bit obscure .. but maybe it will help someone someday..

The hard part is.. how do you know a crypto call is failing since there are very few logs or events?

 

[Added May 10 ]

 

One more I ran into  recently ..

 

PATH:
"C:\Documents and Settings\JoeUser\Application Data\Microsoft\Protect\

FileName: CREDHIST

 

Check the permissions AND the file attributes - should be writeable  ( not read only )

 

Spat