Dynamics Nav – Process may not have access rights for the private key


After recently applying a new SSL certificate to a Microsoft Dynamics NAV instance the service would not start back up. Instead I was getting these messages in the Windows application event log.

Server instance: NAS_INSTACE
The service MicrosoftDynamicsNavServer$NAS_INSTACE failed to start. This could be caused by a configuration error. Detailed error information: System.ArgumentException: It is likely that certificate ‘CN=certifiatename.com, OU=Domain Control Validated’ may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail. —> System.Security.Cryptography.CryptographicException: Keyset does not exist


The main part of the event log message is “may not have access rights for the private key”. So a permissions issue. The solution was to give the account the NAV service is running as permission to the private key using the following procedure.

Using Services.msc and make a note of the “Log On As” user for you “MicrosoftDynamicsNavServer” service(s).

In the Start menu search for and open “Manage Computer Certificates”

Locate your certificate in the Personal\Certificates store.

Right-click your certificate and select All Tasks => Manage Private Keys

Press Add to add in your previously discovered service user(s) . Give the user(s) Full Control and click OK

Done. Try and start your NAV service

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.