Problem
After recently applying a new SSL certificate to a Microsoft Dynamics NAV instance the service would not start back up. Instead I was getting these messages in the Windows application event log.
Server instance: NAS_INSTACE
The service MicrosoftDynamicsNavServer$NAS_INSTACE failed to start. This could be caused by a configuration error. Detailed error information: System.ArgumentException: It is likely that certificate ‘CN=certifiatename.com, OU=Domain Control Validated’ may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail. —> System.Security.Cryptography.CryptographicException: Keyset does not exist
Solution
The main part of the event log message is “may not have access rights for the private key”. So a permissions issue. The solution was to give the account the NAV service is running as permission to the private key using the following procedure.
Using Services.msc and make a note of the “Log On As” user for you “MicrosoftDynamicsNavServer” service(s).
In the Start menu search for and open “Manage Computer Certificates”
Locate your certificate in the Personal\Certificates store.
Right-click your certificate and select All Tasks => Manage Private Keys
Press Add to add in your previously discovered service user(s) . Give the user(s) Full Control and click OK
Done. Try and start your NAV service