Certificate issuing Windows 2003 Server - Vista SP1 Problem. Please help!!
Hi, We just rebuild our internal PKI infrastructure that means, wedeployed one ROOT offline standalonePKI server (Windows SERVER 2003)and one Online Enterprise PKI Issuing server (Windows SERVER 2003). We configured our CRL and AIA publishing points and everythings is working fine but here isa problem... MS is not MS if there is not a problems ) The issuing of certificates is working good on Windows XP and Vista. We created certificates ver. 2 and also is working fine on both OS. We created KRA (key recovery agents) and we checked the templates ver. 2"Archive subject's encryption private key" (we wanted the users private keys it be archived and there is a problem!! For Windows XPSP3 is working fine but on Vista we are receiving the following error: "A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.(Error: 0x800B0112)." It seems that is problem with one of the CA certificates but on some Vistacomputers the issuing is working!! I dont believe that is certificate validation. Also I installed Windows Vista SP1 new machine without any installed software and I have the same problem. Resume: Problem on Vista SP1 with issuing of certificates ver.2 where the ""Archive subject's encryption private key" is checked. Does anyone has similar experience? Thanks for your help Tomas
December 8th, 2008 8:03pm

Hi Tomas, before we go further, let's check if the following KB article is helpful regarding the issue: http://support.microsoft.com/default.aspx/kb/255681 Meanwhile, is there any difference between problematic Windows Vista computers and others Windows Vista computers?
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2008 9:26am

Hi Sean, Thanks for the link but I already checked that and Root CA and Issuing CA Certificates are in their appropriate stores. For the problematic Vista machines I couldn't say where is the difference.. This is production machines, on some of theme is working and on some of theme is not working. I tried without and with SP1 and I have the same problem. I installed clean Vista machine with SP1 and I have the same problem. Maybe on the working productions machines is installed something plus or some security settingsare disabled, I'm not sure. I did compare and I couldn't find where the difference is. Tomas
December 11th, 2008 5:49pm

Hi Tomas, since the issue also occurs on clean install Windows Vista computer, I recommend you also post the issue to our server forum via the following link: http://social.technet.microsoft.com/Forums/en-US/category/windowsserver/ Hope this helps! Sean Zhu - MSFT
Free Windows Admin Tool Kit Click here and download it now
December 12th, 2008 9:13am

Ok Sean,This is the link of my issue on the Server's link:http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/446d7e1f-16a7-43e1-a866-3786528b22e6ThanksTomas
December 12th, 2008 5:30pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics