Re: Certificate request failed. Keyset does not exist

Jacky,

This is a weird one.

my configuration history:

Original Win2K3 SP1 server domain called SOHO
Replaced with Win2K3 SBS on same server PC (clean install) with domain
longsoho

I did not remove my 5 winXP PC's from old domain prior to install of SBS

Configured SBS per instructions in MS Windows SBS 2003 R2 administrator's
companion

Error logs showed a winXP client joining longsoho did not have proper SID
and need to re-establish trust.

I am trying to setup certificate based VPN validation. I install IAS and CA
on server. Created the domain controller certificate "LongSOHO Root CA" on
the server. My first attempt to create the certificates on the win XP failed
due to permission errors when domain was re-configured. This is when I found
the "trust" issue. I rebuilt the machine name & account and now am at this
level of problem on my main laptop that I wish to make VPN capable.

I open MMC certificate for local machine & current user.

I request a certificate for the local machine - computer. The wizard opens
and I fill-in per the manual. When I submit I get this error:

The certificate request failed. Keyset does not exist

I can successfully add certificates to current user for Basic EFS and User
by the same method. Only the local computer certificate fails.

On the server CA, it shows issuing a certificate for the WinXP machine. No
certificate shows on the WinXP Local Computer personal certificates folder.
NO errors on server logs for CA.

How do I achieve the creation of a local computer certificate?

Thanks






""Jacky Luo [MSFT]"" <v-jaluo@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:X1$b3EBXHHA.2352@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi John,

Thanks for posting here.

From the description, I understand the issue is that the certificate
request failed on your

winxp client. If I am off base, please don't hesitate to let me know.

Please verify that the Certification Authority is started and that you
have
sufficient

permissions to request a certificate.

You receive a "Failed to generate the certificate request" error message
when you try create

a certificate request in IIS

http://support.microsoft.com/kb/908572/en-us


more information:

Error message when a client computer requests a certificate from a
computer
that is running

Windows Server 2003 with Service Pack 1: "The wizard cannot be started
because of one or

more of the following conditions"

http://support.microsoft.com/kb/927066/en-us

Error message when you request a certificate from a computer that is
running Windows Server

2003 with Service Pack 1: "The certificate request failed because of one
of
the following

conditions."

http://support.microsoft.com/kb/929494/en-us

Description of the changes to DCOM security settings after you install
Windows Server 2003

Service Pack 1

http://support.microsoft.com/kb/903220/en-us

Request a computer certificate for server authentication

http://technet2.microsoft.com/WindowsServer/en/library/f9871e14-e923-47d3-a7
ff-

0c1a6cfc1f4d1033.mspx?mfr=true


Please check the error information about certsvc in application log both
on
client and

server.

I appreciate your time. I am happy to be of assistance and look forward to
your reply.

Have a nice day!

Best regards,

Jacky Luo (MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
====================================================
PLEASE NOTE: The partner managed newsgroups are provided to
assist with break/fix issues and simple how to questions.
We also love to hear your product feedback! Let us know what you think by
posting

from the web interface: Partner Feedback
from your newsreader: microsoft.private.directaccess.partnerfeedback.

We look forward to hearing from you!
====================================================
When responding to posts, please "Reply to Group" via your newsreader
so that others may learn and benefit from this issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
====================================================



.

Relevant Pages

  • Re: New Event Log Errors!
    ... Somehow along those lines I'd also installed the Certificate Authority ... Did you apply the last Server Pack for SBS Server? ... Please install Windows Support Tools on the win2k3 sp1 problematic ... Microsoft is providing this information only as a convenience to you: ...
    (microsoft.public.windows.server.sbs)
  • Re: Adding EXCH2007 SP1 box to existing EXCH2003 SP2 Org
    ... Certificates - going to be using a SAN Certificate like I have many times before. ... We are making this a virtual server (someone is going on-site on Thursday to install VMWare (which will kill everything on this box) and WIN2008 Server SP1 x64 and then I will install EXCH2007 SP1. ... as mentioned - ISA was not involved in any of those eight environments.... ...
    (microsoft.public.exchange.admin)
  • Re: Change public domain name for E-mail and Web on SBS2003
    ... self-cert from everything while the request was being processed. ... I need to change the e-mail addresses, and the SSL certificate to match ... just run the Connect to the Internet Wizard ... request and install the new SSL Cert? ...
    (microsoft.public.windows.server.sbs)
  • Re: Terminal Services over a VPN
    ... Create a certificate request and submit it to godaddy in order to obtain a public cert. ... You can use the wizard in IIS Manager for this by creating a new website that matches the above name (on your TS server), right-click and choose properties, directory security tab, server certificate button. ... After the install you can stop or delete the website created above since you don't need it for anything. ...
    (microsoft.public.windows.terminal_services)
  • Re: Outlook RPC over HTTp deosnt work
    ... Go to remote web workplace (or Outlook Web Access), accept the certificate prompt, 'view', and 'install' the certificate - accepting all the defaults. ... > when you try to use RPC over HTTP to connect the Exchange Server. ...
    (microsoft.public.windows.server.sbs)