RE: Certificate Mapping - Debugging

Hi Mark,

Has his client certificate's private been properly exported and installed
on the user's computer? On the problematic client machine, open mmc.exe and
add Certificates snap-in, select current user. Verify the certificate in
Personal store. There should be a line 'You have a private key
corresponds...' indicates the cert's private key is properly installed.

Furthermore, the CA which issues the client certificate must be trusted by
the IIS server, which means the CA's certificate must be installed on IIS
server's computer account's Trusted Root CA store. You can launch
Certificates mmc and open Computer account's store to check this.

To narrow down the problem, you may install his client cert on your machine
and mapping it to your user account to test. If this doesn't work as well,
the problem has been confirmed on the cert or its trust relation.



WenJun Zhang

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:

Get notification to my posts through email? Please refer to

MSDN Managed Newsgroup support offering is for non-urgent issues where an
initial response from the community or a Microsoft Support Engineer within
2 business day is acceptable. Please note that each follow up response may
take approximately 2 business days as the support professional working with
you may need further investigation to reach the most efficient resolution.
The offering is not appropriate for situations that require urgent,
real-time or phone-based interactions. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
This posting is provided "AS IS" with no warranties, and confers no rights.