Re: Terminal servers missing required certificates

From: Nancy R (NancyR_at_discussions.microsoft.com)
Date: 08/11/05 

Date: Thu, 11 Aug 2005 06:19:07 -0700

Hi Steve,

Thank you so much. I must have been trying to import them incorrectly. I
was using the Certificates link through IE, I wasn't aware that there was a
Certificates snap-in.

They are now installed and I was able to successfully install the Windows
Installer update.

Nancy

"Steven L Umbach" wrote:

> Try logging on as a "local" administrator on those servers. Then use the mmc
> snapin for certificates for computer account and go to the folder for
> trusted root certificate authorities/certificates. Right click the folder,
> select all tasks - import and try to import the certificates that way. Also
> look in the application/system logs on those servers to see if any pertinent
> problems are reported. Verify that the Cryptographic service is running on
> this computer as the error message indicates. --- Steve
>
>
> "Nancy R" <NancyR@discussions.microsoft.com> wrote in message
> news:A7AF7F20-A75C-41D7-8DF9-F3FC9F6AB939@microsoft.com...
> > Hello,
> >
> > We have three terminal servers that we are not able to install MS
> > patches/updates. We receive the following error:
> >
> > "Setup could not verify the integrity of the file Update.inf. Make sure
> > the
> > Cryptographic service is running on this computer."
> >
> > I went through all of suggestions in KB article 822798 and we believe that
> > the problem on these three servers is happening because they are all
> > missing
> > both the "Verisign Commercial Software Publishers CA" and the "Thawte
> > Timestamping CA" certificates.
> >
> > I went to our mail servers (W2K3 and Exchange 2003). Both of these
> > servers
> > had the correct certificates (I verified both the dates and the serial
> > numbers). I successfully exported both certificates to a network share.
> >
> > This is where it gets tricky. I logged into the servers both as the local
> > administrator (they are not DCs) and with my domain admin account to try
> > to
> > import the certificates. When I allow the import wizard to choose where
> > to
> > put the certs, it fails with the following error:
> >
> > "An error occurred during the addition of a certificate to the Trusted
> > Root
> > Certification Authorities store."
> >
> > When specify it to put them into the Trusted Root Certificate store I get
> > the following message:
> >
> > "The import failed because the store was read-only, the store was ffull,
> > or
> > the store did not open correctly."
> >
> > Now I looked through our GPOs and did not see anything on any of our
> > policies that is restricting who or whether or not certificates can be
> > installed.
> >
> > In addition to needing to get these two certificates installed, we are
> > also
> > concerned that they were not put there in the first place as KB article
> > 293781 indicates that they are required for the OS to function properly.
> >
> > Two of our terminal servers are running Citrix MetaFrame Presentation
> > Server
> > 3.0 however, the one with SP1 installed is not. It is a fresh build,
> > destined for Citrix MetaFrame Presentation Server 4.0 but not until we are
> > able to successfully install MS updates.
> >
> > We used the same initial install process for the terminal servers as we
> > did
> > for our two Exchange boxes and are somewhat unsure as to why they have the
> > certificates.
> >
> > So here are my questions:
> >
> > 1) How do I get these certificates installed?
> > 2) Do these certificates come as part of another W2K3 component and if so,
> > will adding then removing the component retain the certificates?
> >
> > Please help!
> >
> > Thanks,
> > Nancy
>
>
>

Relevant Pages

  • Unable to install certificates and unable to patch
    ... We have three terminal servers that we are not able to install MS ... Timestamping CA" certificates. ... When specify it to put them into the Trusted Root Certificate store I get ...
    (microsoft.public.windows.server.general)
  • Terminal servers missing required certificates
    ... We have three terminal servers that we are not able to install MS ... Timestamping CA" certificates. ... When specify it to put them into the Trusted Root Certificate store I get ...
    (microsoft.public.security)
  • Re: RECOVERING MY ENCRYPTED HD FROM DEAD WINDOWS 2000
    ... certificates were probably only stored on the reinstalled ... file encryption key - different for each file, ... document formats have some standard bytes in - once matched ... The install wouldn't ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Run Fax Service under a different User Account gives "Win32 Error Code: 1307" error
    ... I've been trying to do that, but I can't seem to get the certificates to ... I wouldn't want to give the "Network Service" account access to the ... encrypted files because then any service running under the Network Service ... know of any way to install the certificate for the Network Service user. ...
    (microsoft.public.win2000.fax)
  • Re: IAS / RRAS
    ... Install Certificate services ... Configure the VPN connectoid and set it for l2tp connections? ... So you may want to try to do without the IAS server until problems ... > are resolved to rule it out as a problem.As far as certificates, ...
    (microsoft.public.windows.server.networking)