Re: Terminal servers missing required certificates

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 08/11/05


Date: Wed, 10 Aug 2005 19:37:40 -0500

Try logging on as a "local" administrator on those servers. Then use the MMC
snap-in for certificates for computer account and go to the folder for
trusted root certificate authorities/certificates. Right click the folder,
select all tasks - import and try to import the certificates that way. Also
look in the application/system logs on those servers to see if any pertinent
problems are reported. Verify that the Cryptographic service is running on
this computer as the error message indicates. --- Steve

"Nancy R" <NancyR@discussions.microsoft.com> wrote in message
news:A7AF7F20-A75C-41D7-8DF9-F3FC9F6AB939@microsoft.com...
> Hello,
>
> We have three terminal servers that we are not able to install MS
> patches/updates. We receive the following error:
>
> "Setup could not verify the integrity of the file Update.inf. Make sure
> the Cryptographic service is running on this computer."
>
> I went through all of the suggestions in KB article 822798 and we believe
> that the problem on these three servers is happening because they are all
> missing both the "Verisign Commercial Software Publishers CA" and the
> "Thawte Timestamping CA" certificates.
>
> I went to our mail servers (W2K3 and Exchange 2003). Both of these
> servers had the correct certificates (I verified both the dates and the
> serial numbers). I successfully exported both certificates to a network
> share.
>
> This is where it gets tricky. I logged into the servers both as the local
> administrator (they are not DCs) and with my domain admin account to try
> to import the certificates. When I allow the import wizard to choose where
> to put the certs, it fails with the following error:
>
> "An error occurred during the addition of a certificate to the Trusted
> Root Certification Authorities store."
>
> When I specify it to put them into the Trusted Root Certificate store I
> get the following message:
>
> "The import failed because the store was read-only, the store was full,
> or the store did not open correctly."
>
> Now I looked through our GPOs and did not see anything on any of our
> policies that is restricting who or whether or not certificates can be
> installed.
>
> In addition to needing to get these two certificates installed, we are
> also concerned that they were not put there in the first place as KB
> article 293781 indicates that they are required for the OS to function
> properly.
>
> Two of our terminal servers are running Citrix MetaFrame Presentation
> Server 3.0; however, the one with SP1 installed is not. It is a fresh
> build, destined for Citrix MetaFrame Presentation Server 4.0 but not until
> we are able to successfully install MS updates.
>
> We used the same initial install process for the terminal servers as we
> did for our two Exchange boxes and are somewhat unsure as to why they have
> the certificates.
>
> So here are my questions:
>
> 1) How do I get these certificates installed?
> 2) Do these certificates come as part of another W2K3 component and if so,
> will adding then removing the component retain the certificates?
>
> Please help!
>
> Thanks,
> Nancy
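
The checks discussed in this thread, scripted as an added example that is not part of the original posts: it confirms the Cryptographic Services service is running, looks for the two named certificates in the computer account's Trusted Root store, and imports a missing one from an exported file. It assumes Windows PowerShell 2.0 or later run from an elevated session; the share path and file names are hypothetical.

```powershell
# Added example. The share path and file names below are hypothetical.
$exports = @{
    'VeriSign Commercial Software Publishers CA' = '\\fileserver\certs\verisign-csp.cer'
    'Thawte Timestamping CA'                     = '\\fileserver\certs\thawte-ts.cer'
}

# The update error names the Cryptographic Services service (CryptSvc).
$svc = Get-Service -Name CryptSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "CryptSvc is $($svc.Status); starting it."
    Start-Service -Name CryptSvc
}

# Open the computer account's Trusted Root store read/write.
# A store that cannot be opened for writing is reported here as an exception.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
try { $store.Open('ReadWrite') }
catch { throw "Cannot open LocalMachine\Root for writing: $($_.Exception.Message)" }

try {
    foreach ($name in $exports.Keys) {
        # Match on the subject string, case-insensitively.
        $found = @($store.Certificates | Where-Object { $_.Subject -like "*$name*" })
        if ($found.Count -gt 0) {
            $found | ForEach-Object { "Present: $name serial=$($_.SerialNumber) expires=$($_.NotAfter)" }
            continue
        }
        # Load the exported file and confirm it is the certificate we expect
        # before trusting it as a root.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($exports[$name])
        if ($cert.Subject -notlike "*$name*") {
            Write-Warning "Skipping $($exports[$name]): subject is '$($cert.Subject)'"
            continue
        }
        $store.Add($cert)
        "Imported: $name serial=$($cert.SerialNumber) thumbprint=$($cert.Thumbprint)"
    }
}
finally { $store.Close() }
```

The serial numbers and expiry dates it prints can be compared against the same certificates on a known-good server before relying on the import.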


