unable to install mscep.dll: setup failed

From: runkeledv (runkeledv@t-online.de)
Date: 03/19/03 

From: runkeledv@t-online.de (runkeledv)
Date: 19 Mar 2003 11:22:10 -0800

Hi all,
Could someone please give advise to the following problem.

Server: 1x production machine W2k Server SP3
          1x testing machine W2k Server SP3

Mscep.dll: Version 5.131.2195.1

CA: root enterprise ca

Problem:
Every thing works ok on the testmachine.
On the Production machine i can not install mscep.dll.

If i execute cepsetup.exe, i get the following message:
"Setup failed. Failed to enroll RA certificates. Der Schlüsselsatz ist
nicht vorhanden." (Last german part meas something like "Key pair does
not exist").

Mscep.dll is installed at the right place and the web interface is
installed. Nevertheless the url server/certsrv/mscep/mscep.dll gives
back 500 internal Server Error.

Using the MMC Snapin I can see that there is one Certificate
EnrollmentAgentOffline created,but Certificate CEPEncryption is
missing.

Using the URL server/certsrv/, advanced, i am able to request a
certificate of Template CEPEncryption, but i am not able to install it
on the machine (Testserver does the same so this may be ok). Using the
MMC i can see that the certificate of Template CEPEncryption has been
enrolled.

I assumed a problem with IIS setup and switched on logging. I can see
the request from above but i can not see a get request belonging to
the installation of mscep.dll. This means: If i install MSCEP.DLL, the
IIS is not used, otherwise it would log. So this should not be an IIS
issue.

More things i tried to track down this one:
Compared all IIS related settings between both servers
Compared the installed Templates in Active Directory
Compared the allowed Autoenrollment Templates in group policy

Tried to run certsrv not as Service but standalone with "certsrv -z"
from the commandline. Got back 3 Lines while executing cepsetup.exe:
Certification Authority Service Ready (3s) ...

CertSrv-Anforderung 40: rc=0: (null) 'Ausgestellt'
Exit:Notify(certissued=1, ctx=468183) rc=0

Checked various logfiles with date of the installation of mscep.dll,
with no hints

Any tip for me ?

Thank you,

Stefan Runkel
System Administrator

Relevant Pages

  • Re: Windows Update repeats
    ... You cannot install some updates or programs ... to a Windows component, install a service pack for Windows or for a Windows ... The Microsoft digital signature affirms that software has been tested with ... Publishers certificate store. ...
    (microsoft.public.windowsupdate)
  • RE: updates after format
    ... if the Microsoft Server is down. ... software you are installing has not passed Windows Logo testing verify its ... When you try to download an ActiveX control, install an update to Windows ... and you do not have the appropriate certificate in your Trusted Publishers ...
    (microsoft.public.windows.mediacenter)
  • Re: ?Expired Security Certif for MS Update
    ... MBSA should run fine on a new install. ... faith in the downloads I have, that used the expired certificate to get ... At the risk of sounding like an alien abductee, this security invasion ... Microsoft and signed by a CA that your computer trusts I would not worry ...
    (microsoft.public.windowsxp.security_admin)
  • How to migrate my VeriSign SSL certificate from IIS 4 to IIS 5
    ... We've got a Verisign SSL certificate installed on our MS IIS 4 server. ... we install the current SSL certificate on the ...
    (Focus-Microsoft)
  • RE: CA and Windows mobile 5.0
    ... certificate or Third party certificate? ... How did you install CA on your mobile device? ... If your Windows SBS Server is running ISA Server, ...
    (microsoft.public.windows.server.sbs)