Re: Advanced Client in mixed NT/AD Domain Help

From: Lance (lrissman_at_gmail.com)
Date: 08/05/04 

Date: 5 Aug 2004 07:54:36 -0700

Bryan,

I am having the same problem, but it only started occuring after i
moved my MP off of my Site Server.

To fix it, I moved it back to my site server, watched the
mpcontrol.log to verify that the mp registered in wins properly.
Then refreshed the client cache (nbtstat -R, nbtstat -RR) to "rush"
the testing process. Restarted the SMS Client Service, and everything
was working again.

It seems to me like a bit of a bug, but for now we have a workaround.

Enjoy
Lance.

Bryan Emplit <Bryan Emplit@discussions.microsoft.com> wrote in message news:<321DD3C2-EC5D-4288-A74D-C121EAA4242C@microsoft.com>...
> Good Day,
>
> I am having an issue where advanced clients cannot verify an MP Certificate Signature when the MP is in Active Directory, and the client is in and NT 4.0 domain. Pasted below is the CertificateMaintenance Log file text. Any help would be greatly appreciated.
>
> Regards,
> Bryan E. Emplit
>
> <![LOG[Refreshing the Management Point List for site GBS]LOG]!><time="16:20:38.484+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3000" file="lsad.cpp:3290">
> <![LOG[Retrieved Default Management Point from WINS: 10.150.2.112]LOG]!><time="16:20:38.546+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3000" file="lsad.cpp:3241">
> <![LOG[Refreshing trusted key information]LOG]!><time="16:20:38.593+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3000" file="lsad.cpp:3322">
> <![LOG[Client has bootstrapped trusted key information.]LOG]!><time="16:20:38.890+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3000" file="lsad.cpp:4346">
> <![LOG[Persisting the management point authentication information in WMI]LOG]!><time="16:20:38.890+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3000" file="lsad.cpp:3336">
> <![LOG[Persisted Management Point Authentication Information locally]LOG]!><time="16:20:38.984+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3000" file="lsad.cpp:3343">
> <![LOG[Refreshing Certifcate Information over HTTP]LOG]!><time="16:20:39.015+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3000" file="lsad.cpp:3678">
> <![LOG[Refreshed Certificate Information over HTTP]LOG]!><time="16:20:41.609+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3000" file="lsad.cpp:3757">
> <![LOG[Refreshing the Management Point List for site GBS]LOG]!><time="16:20:44.359+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3472" file="lsad.cpp:3290">
> <![LOG[Retrieved Default Management Point from WINS: 10.150.2.112]LOG]!><time="16:20:44.406+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3472" file="lsad.cpp:3241">
> <![LOG[Refreshing trusted key information]LOG]!><time="16:20:44.421+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3472" file="lsad.cpp:3322">
> <![LOG[Persisting the management point authentication information in WMI]LOG]!><time="16:20:44.671+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3472" file="lsad.cpp:3336">
> <![LOG[Persisted Management Point Authentication Information locally]LOG]!><time="16:20:44.718+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3472" file="lsad.cpp:3343">
> <![LOG[Refreshing Certifcate Information over HTTP]LOG]!><time="16:20:44.734+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3472" file="lsad.cpp:3678">
> <![LOG[Refreshed Certificate Information over HTTP]LOG]!><time="16:20:47.187+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3472" file="lsad.cpp:3757">
> <![LOG[Refreshing Certifcate Information over HTTP]LOG]!><time="16:21:16.140+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3124" file="lsad.cpp:3678">
> <![LOG[Signature is empty]LOG]!><time="16:21:16.390+240" date="07-26-2004" component="CertificateMaintenance" context="" type="3" thread="3124" file="ccmgencert.cpp:2501">
> <![LOG[Signature is empty]LOG]!><time="16:21:16.609+240" date="07-26-2004" component="CertificateMaintenance" context="" type="3" thread="3124" file="ccmgencert.cpp:2501">
> <![LOG[Failed to verify the mp thumbprint with error '0x80004005'.]LOG]!><time="16:21:16.609+240" date="07-26-2004" component="CertificateMaintenance" context="" type="2" thread="3124" file="lsad.cpp:4513">
> <![LOG[Failed to validate the certificate
'308201DA30820147A00302010202100C5890C7F9B7C6884CAA29D00FE5CD11300906052B0E03021D050030223112301006035504031309544F50534F46544443310C300A06035504031303534D533020170D3034303732313136343435355A180F32313034303632373136343435355A30223112301006035504031309544F50534F46544443310C300A06035504031303534D5330819F300D06092A864886F70D010101050003818D0030818902818100A5905214FB9502CEF37195EB0705A5B32652FA3188158
B08008DDFFF25F3EB7D662D39107DEEE480ADDD7F9C62003D62E30C22663BE507DB9E67B257F8A95DC0CD29123790C4C89D9AE447382D72EA197285166A7B7C0B318890932A367FDBC4AC80B65F566E81A049186EADAB12617423B93FBCA51D544EF498E840CCA08E90203010001A317301530130603551D25040C300A06082B06010401823765300906052B0E03021D05000381810020185E9653C85E5474438667E26535E7764546D1D8274C542DE2213894C6A3CDDFE5BCC103F122D3D1B1D745AFF7184546E1
BE2A8383B42CFF4830AEA33FBC7E7511A5FF941A108DA82A607FA4E91E45402BBA207765396FF468426B2BCD0B137F157DF4E99FE4594792F78286416E27F231997D115ED3CD0BF600AE3FDEAB9'
from management point 'TOPSOFTDC']LOG]!><time="16:21:16.609+240"
date="07-26-2004" component="CertificateMaintenance" context=""
type="2" thread="3124" file="lsad.cpp:3734">
> <![LOG[Refreshed Certificate Information over HTTP]LOG]!><time="16:21:16.625+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="3124" file="lsad.cpp:3757">
> <![LOG[Failed to verify signature for assigned MP]LOG]!><time="16:21:16.625+240" date="07-26-2004" component="CertificateMaintenance" context="" type="3" thread="3124" file="hookimpl.cpp:154">
> <![LOG[Failed to verify signature for assigned MP]LOG]!><time="16:21:16.640+240" date="07-26-2004" component="CertificateMaintenance" context="" type="3" thread="480" file="hookimpl.cpp:154">
> <![LOG[Failed to verify signature for assigned MP]LOG]!><time="16:21:18.265+240" date="07-26-2004" component="CertificateMaintenance" context="" type="3" thread="480" file="hookimpl.cpp:154">
> <![LOG[Failed to verify signature for assigned MP]LOG]!><time="16:22:39.609+240" date="07-26-2004" component="CertificateMaintenance" context="" type="3" thread="3840" file="hookimpl.cpp:154">
> <![LOG[Refreshing the Management Point List for site GBS]LOG]!><time="16:32:46.281+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="232" file="lsad.cpp:3290">
> <![LOG[Retrieved Default Management Point from WINS: 10.150.2.112]LOG]!><time="16:32:47.265+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="232" file="lsad.cpp:3241">
> <![LOG[Refreshing trusted key information]LOG]!><time="16:32:47.281+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="232" file="lsad.cpp:3322">
> <![LOG[Persisting the management point authentication information in WMI]LOG]!><time="16:32:47.718+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="232" file="lsad.cpp:3336">
> <![LOG[Persisted Management Point Authentication Information locally]LOG]!><time="16:32:47.937+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="232" file="lsad.cpp:3343">
> <![LOG[Refreshing Certifcate Information over HTTP]LOG]!><time="16:32:48.171+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="232" file="lsad.cpp:3678">
> <![LOG[Refreshed Certificate Information over HTTP]LOG]!><time="16:32:48.500+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="232" file="lsad.cpp:3757">
> <![LOG[Refreshing Certifcate Information over HTTP]LOG]!><time="16:33:18.125+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="232" file="lsad.cpp:3678">
> <![LOG[Signature is empty]LOG]!><time="16:33:18.328+240" date="07-26-2004" component="CertificateMaintenance" context="" type="3" thread="232" file="ccmgencert.cpp:2501">
> <![LOG[Signature is empty]LOG]!><time="16:33:18.546+240" date="07-26-2004" component="CertificateMaintenance" context="" type="3" thread="232" file="ccmgencert.cpp:2501">
> <![LOG[Failed to verify the mp thumbprint with error '0x80004005'.]LOG]!><time="16:33:18.546+240" date="07-26-2004" component="CertificateMaintenance" context="" type="2" thread="232" file="lsad.cpp:4513">
> <![LOG[Failed to validate the certificate
'308201DA30820147A00302010202100C5890C7F9B7C6884CAA29D00FE5CD11300906052B0E03021D050030223112301006035504031309544F50534F46544443310C300A06035504031303534D533020170D3034303732313136343435355A180F32313034303632373136343435355A30223112301006035504031309544F50534F46544443310C300A06035504031303534D5330819F300D06092A864886F70D010101050003818D0030818902818100A5905214FB9502CEF37195EB0705A5B32652FA3188158
B08008DDFFF25F3EB7D662D39107DEEE480ADDD7F9C62003D62E30C22663BE507DB9E67B257F8A95DC0CD29123790C4C89D9AE447382D72EA197285166A7B7C0B318890932A367FDBC4AC80B65F566E81A049186EADAB12617423B93FBCA51D544EF498E840CCA08E90203010001A317301530130603551D25040C300A06082B06010401823765300906052B0E03021D05000381810020185E9653C85E5474438667E26535E7764546D1D8274C542DE2213894C6A3CDDFE5BCC103F122D3D1B1D745AFF7184546E1
BE2A8383B42CFF4830AEA33FBC7E7511A5FF941A108DA82A607FA4E91E45402BBA207765396FF468426B2BCD0B137F157DF4E99FE4594792F78286416E27F231997D115ED3CD0BF600AE3FDEAB9'
from management point 'TOPSOFTDC']LOG]!><time="16:33:18.546+240"
date="07-26-2004" component="CertificateMaintenance" context=""
type="2" thread="232" file="lsad.cpp:3734">
> <![LOG[Refreshed Certificate Information over HTTP]LOG]!><time="16:33:18.562+240" date="07-26-2004" component="CertificateMaintenance" context="" type="1" thread="232" file="lsad.cpp:3757">
> <![LOG[Failed to verify signature for assigned MP]LOG]!><time="16:33:18.562+240" date="07-26-2004" component="CertificateMaintenance" context="" type="3" thread="232" file="hookimpl.cpp:154">
> <![LOG[Failed to verify signature for assigned MP]LOG]!><time="16:33:18.578+240" date="07-26-2004" component="CertificateMaintenance" context="" type="3" thread="516" file="hookimpl.cpp:154">

Relevant Pages

  • RE: EVENT ID 4100 problem
    ... containing this fix. ... > the subscriber ... > CoCreateInstanceEx returned HRESULT ... on my site server I'm getting these error ...
    (microsoft.public.sms.admin)
  • Re: Q313450 and Q319733 breaks Microsoft Site Server 3.0 membership authentication (additional info
    ... > After Q313450 installed Membership authentication via LDAP supported by ... > Microsoft Site Server 3.0 doesn't work. ... Membership authentication after installing Q319733. ... boot in Safe Mode to apply the fix. ...
    (NT-Bugtraq)
  • RE: WMI Repository Rebuild on Site Server
    ... If you are hesitant to open up call, what are your "issues with HINV" on ... Maybe we can help you fix that without doing anything drastic, ... the server and restore from backup, because messing w/WMI on your site server ... Any problems rebuilding the repository on ...
    (microsoft.public.sms.admin)
  • SMS security update (mssecure.cab)
    ... OK I think I know whats happening, however I am not sure how to fix this ... I look at the mssecure.cab file on the site server and it is the ... but on my clients machines within the vpcache folder it ...
    (microsoft.public.sms.misc)
  • SMS security update (mssecure.cab)
    ... OK I think I know whats happening, however I am not sure how to fix this ... I look at the mssecure.cab file on the site server and it is the ... but on my clients machines within the vpcache folder it ...
    (microsoft.public.sms.admin)