Unable to install certificates and unable to patch
- From: "Nancy R" <NancyR@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 10 Aug 2005 08:46:41 -0700
Hello,
We have three terminal servers that we are not able to install MS
patches/updates. We receive the following error:
"Setup could not verify the integrity of the file Update.inf. Make sure the
Cryptographic service is running on this computer."
I went through all of suggestions in KB article 822798 and i believe that
the problem on these three servers is happening because they are all missing
both the "Verisign Commercial Software Publishers CA" and the "Thawte
Timestamping CA" certificates.
I went to our mail servers (W2K3 and Exchange 2003). Both of these servers
had the correct certificates (I verified both the dates and the serial
numbers against KB 293781). I successfully exported both certificates to a
network share.
This is where it gets tricky. I logged into the servers both as the local
administrator (they are not DCs) and with my domain admin account to try to
import the certificates. When I allow the import wizard to choose where to
put the certs, it fails with the following error:
"An error occurred during the addition of a certificate to the Trusted Root
Certification Authorities store."
When specify it to put them into the Trusted Root Certificate store I get
the following message:
"The import failed because the store was read-only, the store was ffull, or
the store did not open correctly."
Now I looked through our GPOs and did not see anything on any of our
policies that is restricting who or whether or not certificates can be
installed.
In addition to needing to get these two certificates installed, we are also
concerned that they were not put there in the first place as KB article
293781 indicates that they are required for the OS to function properly.
Two of our terminal servers are running Citrix MetaFrame Presentation Server
3.0 however, the one with SP1 installed is not. It is a fresh build,
destined for Citrix MetaFrame Presentation Server 4.0 but not until we are
able to successfully install MS updates.
We used the same initial install process for the terminal servers as we did
for our two Exchange boxes and are somewhat unsure as to why they have the
certificates.
So here are my questions:
1) How do I get these certificates installed?
2) Do these certificates come as part of another W2K3 component and if so,
will adding then removing the component retain the certificates?
Please help!
Thanks,
Nancy
.
- Prev by Date: RE: Some strange RIS problems
- Next by Date: Re: No ping or network after updates...
- Previous by thread: Viewing custom Performance Monitor counters
- Next by thread: Server 2003 and boot logging?
- Index(es):
Relevant Pages
|
