HiI have a PKI environment I inherited and now suuport.THe initial CAROOTCDP and AIA have defined as file (file://\\srvname\pkicrl\CA_Name.crl and file://\\srvname\CertEnroll\CA_Name.crtrespectively)WhenI open PKIView on a Windows XP box all shows up green as it is in reality.When I open Enterprise PKI on a Windows Vista sp1 box the file location show up red with a status of "Unable To Download".If I copy the URL from Enterprise PKI on the Vista box, copy and paste it in the run box i can access the crl and crt files (so I assume it not a permissions problem)Any idesa?ThanksYarivyarivb

PKIView does the downloads of the URLs in the context of the machine, not the user. It looks like you have not configured the proxy on the Windows Vista box (for the system). The reason that a pasted URL works, is that you are pasting it in a browser (with the proxy configured) and the download is taking place in the user context.The command on Vista is:netsh winhttp set proxy proxy.example.com:8080 "*.example.com;*.sample.com"This sets the proxy server as proxy.example.com , listening on port 8080. It also bypasses the proxy for all example.com and sample.com URLs.Brian

thansks, ill give it a tryyarivb

Im am having the exact same problem... Did you ever find a solution to strange crl access problems. Open PKIView on a Windows XP box, ALL IS OKOpen PKIView on a Windows Vista / Windows 7 box, Errors and unable to download. Start / Run on vista / 7 and use the excact same Path i get access to my CRL???//Koffe

Hello Brian.I have the same problem. We dont use proxy... Is your answer still valid or am i having some strange other problems :(.//Koffe

Hi, What about LDAP and HTTP CRL? Are their status OK? If so, please check the file://\\srvname\pkicrl\CA_Name.crl and make sure its not expired. Also, try to publish a new CRL to test. ThanksThis posting is provided "AS IS" with no warranties, and confers no rights.

Hello Thanks for answering....Yes LDAP and HTTP is OK! If i putt the file://\\srvname\pkicrl\CA_Name.crl in START / RUN i get access to my crl and it is valid not expired.Yes I can pulish a new CRL, that changes the date and time for my crlThe strange part is that if we use XP all is fine and all test are ok. Even one "older" Vista machine is ok. Old vista has same domain and same Gpo roles. FW i open (Rule ALl alowed both ways) All have access to the file share. It sems like when i as a User asks for crlall is ok but when Vista (System) ask for crl i get unable to download.Also We use no proxy.... Is the any GPO rulles thatcan make tis strang behaivor. Is the difrent rules for accessing crl in vista and Windwos 7 than XP, Does all entrys inhave to be ok.Any ideeasPlease help...

The client has failed to validate the Domain Controller certificate for xxx.local. The following error was returned from the certificate validation process: The revocation function was unable to check revocation because the revocation server was offline.Is the error message...works on all XPs and 2003 Servers. Only one Vista. Any ideeas

Is there a asnwer here. I cant t see it