Does SMP create machinekeys (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys) as part of its procedures?
An issue was reporrted with a large number of files under the MachineKeys directory (under C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys). There were 2.4 million files in the MachineKeys folder (while trying to clean up this folder and it caused an issue with our AppPools: The worker process for application pool 'Symantec Agent AppPool' encountered an error 'Failed to decrypt attribute 'password' because the keyset does not exist). A copy of the Machinekeys folder was restored and it is up and running again but was concerned about the number of keys created under it.
ITMS 8.x
We create files under the MachineKeys folder and these files are created during CEM certificate generation.
A new tool has been developed called "CryptoCleaner.exe" and it is attached to this article. It was released as part of our product with the ITMS 8.6 RU1 release.
This utility enumerates key files in the MachineKeys folder and collects statistics for potential duplicates that can be safely removed. It can be used in SMP 8.5 and later. The steps to us it are:
Tool usage:
Note: It is recommended to restart "Altiris Services" service after tool execution with -clean cmd.
You can output the results from the command prompt to a text file using the following syntax:
CryptoCleaner.exe > c:esults.txt