UserLock Frequently Asked Questions
How to fix the _No encryption provider available_ error for administration from a remote workstation?
When trying to remotely administrate UserLock from a workstation, the following error may occur:
No encryption provider available!
The provider 1 gives the error 80090024
The provider 12 gives the error 80090024
The provider 14 gives the error 80090024
It may occur in the following context:
- The UserLock Console is installed on a workstation,
- A temporary profile is loaded after you log on to the workstation.
- Trying to connect to the UserLock server from the UserLock Console.
The code 80090024 in the error message means : “The profile for the user is a temporary profile”. So the profile is not a standard profile specific to the user. In order to initiate the encryption the Microsoft Cryptographic API needs to store encryption keys in the user profile (the limitation comes from the Microsoft cryptographic API, not from UserLock). It seems that the kind of profiles you are using are not compatible with that. So if you want to use the remote console from a workstation you should ensure that the user accounts that will administrate UserLock have a standard profile that is not shared among users.
As explained in the A temporary profile is loaded after you log on to a Windows Vista-based system KB article:
- Log on to the system by using an administrative user account other than the user account that is experiencing the problem.
- Back up all data in the current user's profile folder if the profile folder still exists, and then delete the profile folder. By default, the profile resides in the following location: %SystemDrive%\Users\UserName
- Click Start, type regedit in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for confirmation, type your password, or click Continue.
- Locate the following registry subkey:
- Under the ProfileList subkey, delete the subkey that is named SID.bak.
Note SID is a placeholder for the security identifier (SID) of the user account that is experiencing the problem. The SID.bak subkey should contain a ProfileImagePath registry entry that points to the original profile folder of the user account that is experiencing the problem.
- Exit Registry Editor.
- Log off the system.
- Log on to the system again.
- After you log on to the system, the profile folder is re-created.