On Premises Data Gateway - Bad Gateway error - System.Security.Cryptography.CryptographicException: Key not valid for use in specified state

Question

On Premises Data Gateway - Bad Gateway error - System.Security.Cryptography.CryptographicException: Key not valid for use in specified state

Scott Henderson 0

We are seeing intermittent issues where workflows are failing across many On Premise Data Gateways with the same Bad Gateway Error (502) error. We are also seeing intermittent issues in creating new connections with the same error. The error detail is as follows:

message:Unexpected Exception : System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.\r\n\r\n at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters Boolean randomKeyContainer)\r\n at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType CspParameters parameters Boolean randomKeyContainer Int32 dwKeySize SafeProvHandle& safeProvHandle SafeKeyHandle& safeKeyHandle)\r\n at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()\r\n at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize CspParameters parameters Boolean useDefaultKeySize)\r\n at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()\r\n at System.Security.

We have systems with On Prem Data Gateways in Australia east and Australia southeast, and it does not appear to be region specific.

Is anyone else experiencing this issue?

Rakesh Mishra 8,420 Reputation points Microsoft External Staff Moderator

2026-05-06T02:22:29.4833333+00:00
Hi Scott,

Thanks for reaching out in Microsoft Q&A forum,

A 502 Bad Gateway error in this context generally means the communication channel between the cloud service and your local data source is broken. Please verifying the following:

Ensure the gateway status is 'Online' in the admin portal.

Re-authenticate your connection in the 'Connections' tab to ensure credentials haven't expired.

Check if your IT team recently implemented any new firewall rules or DLP policies that might be blocking the connection.

Check the local gateway logs on the server for more granular 'upstream' error details.

Your question is related to Power Platform and is currently not supported in the Q&A forum, the supported products are listed over here Supported products on MS Q&A (more to be added later on).

If the error persists, you can ask the experts in the dedicated MS Power platform community forum.

Can you please open as a new thread in MS Power platform community Find Answers | Microsoft Power Platform Community

I hope it helps! and do let me know if you have further queries.
Scott Henderson 0 Reputation points

2026-05-06T02:52:55.4733333+00:00

Hi Rakesh. We are using logic apps in Azure, hence why i posted here. We have performed all of those checks as well as some restore of config that is recommended to no avail. My other feeling that it is more platform related is that we see it intermittently across OPDG installs on many different client networks as well as our own. So it is not just one OPDG that is giving this error. it feels like a section of Azure infrastructure may be having an issue.
Rakesh Mishra 8,420 Reputation points Microsoft External Staff Moderator

2026-05-06T02:55:47.0866667+00:00

Hi Scott, I have reached out to you over private message regarding some information. Could you please check and share the requested information to assist you further on this.
D J S 0 Reputation points

2026-05-06T06:00:27.1266667+00:00

We are experiencing what appears to be the exact same issue which has just started earlier today. We are running a number of Azure Logic apps and workflows across the apps are intermittently failing with the same 502 Bad Gateway error (Key not valid for use in specified state)

This is not constant. Some workflow runs succeed, some fail. Occurring for us for around the past 10 hours.

We have tried all of the generic suggested resolutions we've found without luck so far.
Scott Henderson 0 Reputation points

2026-05-06T06:46:36.1833333+00:00

Sounds like exactly the same as us. We have a P1 support case in at the moment, have heard nothng back after the initial chat, it has been 4 hours now....

1 answer

Your answer

Rakesh Mishra 8,420 Reputation points Microsoft External Staff Moderator

2026-05-06T02:22:29.4833333+00:00

Hi Scott,

Thanks for reaching out in Microsoft Q&A forum,

A 502 Bad Gateway error in this context generally means the communication channel between the cloud service and your local data source is broken. Please verifying the following:

Ensure the gateway status is 'Online' in the admin portal.

Re-authenticate your connection in the 'Connections' tab to ensure credentials haven't expired.

Check if your IT team recently implemented any new firewall rules or DLP policies that might be blocking the connection.

Check the local gateway logs on the server for more granular 'upstream' error details.

Your question is related to Power Platform and is currently not supported in the Q&A forum, the supported products are listed over here Supported products on MS Q&A (more to be added later on).

If the error persists, you can ask the experts in the dedicated MS Power platform community forum.

Can you please open as a new thread in MS Power platform community Find Answers | Microsoft Power Platform Community

I hope it helps! and do let me know if you have further queries.
Scott Henderson 0 Reputation points

2026-05-06T02:52:55.4733333+00:00

Hi Rakesh. We are using logic apps in Azure, hence why i posted here. We have performed all of those checks as well as some restore of config that is recommended to no avail. My other feeling that it is more platform related is that we see it intermittently across OPDG installs on many different client networks as well as our own. So it is not just one OPDG that is giving this error. it feels like a section of Azure infrastructure may be having an issue.
Rakesh Mishra 8,420 Reputation points Microsoft External Staff Moderator

2026-05-06T02:55:47.0866667+00:00

Hi Scott, I have reached out to you over private message regarding some information. Could you please check and share the requested information to assist you further on this.
D J S 0 Reputation points

2026-05-06T06:00:27.1266667+00:00

We are experiencing what appears to be the exact same issue which has just started earlier today. We are running a number of Azure Logic apps and workflows across the apps are intermittently failing with the same 502 Bad Gateway error (Key not valid for use in specified state)

This is not constant. Some workflow runs succeed, some fail. Occurring for us for around the past 10 hours.

We have tried all of the generic suggested resolutions we've found without luck so far.
Scott Henderson 0 Reputation points

2026-05-06T06:46:36.1833333+00:00

Sounds like exactly the same as us. We have a P1 support case in at the moment, have heard nothng back after the initial chat, it has been 4 hours now....

Answer 1

The error System.Security.Cryptography.CryptographicException: Key not valid for use in specified state with on-premises data gateways is associated with problems generating or accessing the asymmetric key material the gateway uses. A known cause is antivirus or security software corrupting or deleting the RSA key files that the gateway relies on during setup or runtime.

For on-premises data gateways, the documented remediation for asymmetric key issues is:

Temporarily disable or reconfigure antivirus
- Antivirus products such as McAfee Endpoint Defender can interfere with the gateway’s cryptographic files and processes.
- Configure the antivirus to ignore the gateway process, or temporarily disable it while fixing the issue and testing.
Remove the corrupted RSA key container for the gateway service account
- Delete the RSA folder under the profile of the gateway service account, for example:
  - C:\Users<GW Service Account User>\AppData\Roaming\Microsoft\Crypto\RSA
- Note: Depending on whether the gateway is running under a user profile or a service profile, the root path can differ; ensure the correct profile for the gateway service account is used.
Restart the machine and complete gateway setup/sign-in
- After deleting the RSA folder and adjusting antivirus, restart the gateway machine.
- Re-run the gateway setup/sign-in so new, valid keys are generated.
Ensure all gateways are on a supported, current version
- Install the latest on-premises data gateway build on all affected machines. Only the last six releases are actively supported, and many reliability issues are resolved in monthly updates.
- If using gateway clusters, keep all members on the same version to avoid intermittent failures.
Check for general gateway connectivity issues
- If 502 errors persist after fixing the cryptographic issue, verify that each gateway can reach required Azure endpoints and ports by running the network ports test and reviewing firewall/proxy configuration.

If, after these steps, the intermittent 502 and cryptographic errors continue across multiple gateways, open a support ticket for the cloud service using the gateway so logs and environment details can be reviewed.

References:

Share via

On Premises Data Gateway - Bad Gateway error - System.Security.Cryptography.CryptographicException: Key not valid for use in specified state

1 answer

Your answer