Re: Certificate-Problem

From: Sven <Sven@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 25 Aug 2006 14:40:02 -0700

Drew,

thanks for your answer.

ACL on the specified folder are set correctly. I am able to import the cert
for the user on a PC (different profile). Only on the WTS ist won't work.

As local Admin or Domain Admin it works also on the WTS. The User with local
Admin group membership will not work...

Any mor suggestions?

Sven

"Drew Hammond [MS]" wrote:

Hi,

Check out these KB articles to see if they describe exactly what you see.
http://support.microsoft.com/?kbid=269518
http://support.microsoft.com/kb/313494

Also, I ran into a user post suggesting to change some folder permissions:
> I change perms on C:\Documents and Settings\All
Users\ApplicationData\Microsoft\Crypto\RSA\MachineKeys folder to allow full
control for administrators and then the certs imported correctly.
(http://pluralsight.com/blogs/aaron/archive/2004/07/13/1623.aspx - near
bottom of page)

Thanks,
Drew

--
Drew Hammond
Terminal Services Developer in Test
TS team blog: http://blogs.msdn.com/ts

This posting is provided "AS IS" with no warranties, and confers no rights.
"Sven" <Sven@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B4995F03-07D1-450E-BCBF-053E3A0DD810@xxxxxxxxxxxxxxxx

All,

I have a small problem installing a certificate for a user on a Windows
2000
Server with WTS enabled.

When the user tries to install the certificate (.p12 file) he receives the
following error:

An internal error occurred. The private key that you are importing might
require a cryptographic service provider that is not installed on your
system.

When I am doing this as a local Admin it works fine.
Now my thougt was to make the user a member of the local admin group on
the
server and install the certificate, the log off the user and remove him
from
this group.

The same errormessage occurs when trying to install the cert.

Anyone can help?

Prev by Date: Re: Loopback GPO not working
Next by Date: Re: I need RDP to XP Client behind Server 2003 help.
Previous by thread: Re: Terminal Services Newbie Question
Next by thread: Re: I need RDP to XP Client behind Server 2003 help.
Index(es):
- Date
- Thread

Relevant Pages

Re: Mobile User Wants Email downloaded to exchange while offline
... Getting the self signed cert on either a Treo 700w or Motorola Q from ... Verizon seems to require the specific installer MS has available for Verizon ... and on the device just launch it to install the cert. ... Thanks - I'm trying to avoid pop connector setup since everyone ...
(microsoft.public.windows.server.sbs)
Re: Direct Push failed.
... he security certificatee on the server is invalid. ... If have this error which means my ISA is working correctly am i right? ... The way is to export out the root cert from the ... In some cases you will have to install the trusted root certificate. ...
(microsoft.public.exchange.setup)
Re: SMS 2003 must use domain admin. to install?
... You need to add the MEMBER_SERVER$ to the local admin group on the DC. ... you want to publish in AD you have to give the same account full control ... >>> I try to install SMS2003 using advanced security, ...
(microsoft.public.sms.setup)
Re: Assigning applications to clients with USER GROUP privilege
... the security group and relogged on the same problem occured. ... >> network they were not able to install frontpage because the desktop ... > You can temporarily grant the user local admin rights. ... >>> I don't like adding users to the local administrators group. ...
(microsoft.public.windows.server.sbs)
Re: Creating folder - Marina Roos
... the same user account also created in the local computer ... and add to local admin group aswell. ... This program will install per user ...
(microsoft.public.backoffice.smallbiz)