Showing results for 
Search instead for 
Did you mean: 

ERROR installing On-premises data gateway (personal mode)


I'm having a problem to install the On-premises data gateway (personal mode) , when I'm inserting the user and password the installation this error  pops up and I can't to continue the installation and configuration. 


None of the solutions presented here solved the problem, I also don't have another machine where the Gateway can be installed



Error generating an asymmetric key.
Key not valid for use in specified state.

Server stack trace: 
   at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.PowerBI.DataMovement.Pipeline.InternalContracts.IGatewayConfigurationService.GenerateAsymmetricKey()
   at Microsoft.PowerBI.DataMovement.Pipeline.GatewayClient.GatewayConfigurationClient.GenerateAsymmetricKey()An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at Microsoft.PowerBI.DataMovement.CommonUtilities.AsymmetricKeyEncryptionHelper.ProduceAsymmetricKey(String containerName, Boolean cleanUpOldKeys)
   at Microsoft.PowerBI.DataMovement.Pipeline.Common.Diagnostics.PipelineTelemetryService.ExecuteInActivity[T](PipelineActivityType pipelineActivityType, Func`1 action)
   at SyncInvokeGenerateAsymmetricKey(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
Status: New

Hi @leudyston,


Please mask your personal data. 

The cause and the fix could be as follow.


The user mentioned in the error is the service user (usually NT Service\PBIEgwService), which is not usually the same user as the currently logged in user (e.g. re***nd\je**on).

This error is caused by a missing or corrupt "c:\users\PBIEgwService" folder. There is definitely a problem if you see "c:\users\TEMP". Uninstall reinstall will not fix the problem once the PBIEgwService user is created.


If the folder is their recycle bin restore it.

If the folder cannot be restored there are two options

  1. Run the service as another user


  1. Recreate the "c:\users\PBIEgwService" folder. To do this follow these steps
    1. Stop the PBIEgwService
    2. open an administrator command prompt
    3. cd c:\users
    4. robocopy default PBIEgwService /MIR /SEC /SECFIX /R:0 /XJ
    5. icacls PBIEgwService /grant PBIEgwService:F /T
    6. Start the PBIEgwService
    7. Configure the gateway

Best Regards,


Regular Visitor

@v-jiascu-msft I solved the problem by removing the "RSA" folder which is in the "C: \ Users \" NAME USER "\ AppData \ Roaming \ Microsoft \ Crypto" path.
With the help of an infrastructure friend, we identified that the error occurred for some reason of encryption with the application's user installer.
I could not solve the problem with the solution you presented probably because that PBIEgwservice user folder is only created for the GAteway NORMAL and what I was having was the PERSONAL MODE that runs with the user who installed it.


"NAME USER" = user who installed and is running the gateway (personal mode)


After removing the folder, simply start the Gateway setup again


That's great! Thanks for sharing the solution, @leudyston.


Best Regards,


Idea Statuses