Hello everyone,
I'd like to ask a more in-depth question. At a client's site, I'm having a problem with an accumulation of files in the folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys. These files are growing significantly and filling up the disks on the production servers (farm).
I've analyzed several points, starting with the CryptoAPI component - making code changes to prevent these files from being populated and/or recycling and even discarding the file after creation. As well as other components created at the client that use encryption keys and could generate these files.
Another point identified at the client, which could cause something like this, was a constant SSL/TLS error, in which I verified that apparently a proxy in the path was having difficulties transporting REST API packets.
After overcoming these obstacles, I realize that it is still generating a large number of files on the servers.
The most intriguing thing is that the Microsoft website and forum report this type of problem and there are possible workarounds, such as deleting old files.
Some curious factors:
What I would like to know is if anyone else is facing this issue and if there is any solution?
I have already tried changing the permissions of the MachineKeys folder (considering that it could be a permission problem and IIS was unable to read the files and was generating new ones); As I mentioned before, I have already changed components (.NET extension such as CryptoAPI and others) to recycle the file and even delete them after use; I've already analyzed the overall health of the environments regarding REST APIs (eliminating SSL/TLS errors), etc.
Add Info:
Thank you all for your support.
The accumulation of files in the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder is a common issue in Windows environments, particularly on OutSystems Platform 11 production servers. This folder stores private keys used by IIS and other applications for SSL encryption, signing, and other cryptographic purposes. Over time, excessive accumulation might occur due to improper cleanup.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
Understand Why Files Accumulate: Files in the MachineKeys folder are typically remnants of old SSL/TLS operations. If your OutSystems applications or IIS are generating excessive cryptographic operations, they might leave behind these unused keys.
MachineKeys
Check System Permissions: Ensure that the permissions of the MachineKeys folder are correct. The folder should allow specific users like IIS user (IUSR) or application pool IDs to write to it while restricting access to others.
IUSR
Enable Proper Cleanup Mechanisms: If you're noticing excessive files, check if periodic cleanup or maintenance scripts are in place for your server. If not, consider manually auditing the folder and deleting unused files. Be careful not to delete files still used by active processes; identify non-referenced keys using a script.
Monitor and Optimize IIS/OutSystems Configuration: If OutSystems applications are contributing to this issue, review the IIS and OutSystems configurations, including SSL/TLS settings. Ensure no duplicate or unnecessary cryptographic operations are being carried out.
Apply Windows Updates: Sometimes, servers running older versions of Windows might exhibit this problem due to a lack of housekeeping in the OS. Applying the latest updates can often resolve such system-level issues.
Reduce Disk Fragmentation and Clean Up Temp Files: You may need to clean up other related folders where cryptographic temp or .NET temporary files are stored, as mentioned in Guide to disk space usage and control on OutSystems Platform servers.
Consider Periodic Automation: Automate scripts to check and clean stale entries in the MachineKeys folder. This ensures consistent cleanup without manual intervention.
Let me know if you need specific scripts for auditing or cleanup!