Smart Card Enrollment Control (scrdenrl.dll) query 1

From: Fam (fwyen_at_yahoo.com)
Date: 02/17/04


Date: Mon, 16 Feb 2004 22:38:48 -0800

I've tested with scrdenrl.dll (Smart Card Enrollment
Control) in Windows Server 2003. It can be used to enroll
a SmartcardLogon certificate on behalf of another user.
However, when it comes to enrollment with key archival, it
didn't work.

I've read the Microsoft document "Key Archival and
Management in Windows Server 2003 (white paper)". This
document states the requirements for Key Archival:

Requirements
Key Archival and Recovery using a Windows Server 2003
certificate authority has several technical dependencies:
- Enrollment requires the CMC protocol, which is only
available in Windows XP client, Windows Server 2003
clients, and through xenroll ActiveX control in the CA Web
enrollment interface. Through the Web enrollment
interface, Windows 2000 and Windows ME may enroll for
certificates with key archival.

The above point only mentions xenroll.dll and not
scrdenrl.dll.

I have also tested using scrdenrl.dll to enroll for a
certificate with key archival, but it didn't work. The
error message is:

The request is missing a required private key for archival
by the server. 0x80094804 (-2146875388)
Denied by Policy Module

However, when I use xenroll.dll to do the enrollment
for the same certificate template (with key archival),
it works.

It seems to me that scrdenrl.dll cannot support key
archival certificate enrollment. Is that correct?


