Re: SOLVED! cause: cut&paste of certs in the mmc certs snap in does not include private keys!
From: Mark Swift [MSFT] (mswift@online.microsoft.com)
Date: 04/18/03
From: "Mark Swift [MSFT]" <mswift@online.microsoft.com> Date: Fri, 18 Apr 2003 13:34:53 -0700
I will pass on your comments, glad you solved it :)
--
Mark Swift
Microsoft/Windows/Networking/Secure Network Services/IP Security
Software Test Engineer
----------------------------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
----------------------------------------------------------------------------

"flipper" <flipper@gmx.de> wrote in message news:b7nrih$frq$02$1@news.t-online.com...
> hi,
>
> I just solved it.
> Always verify if there's an entry for the certificate's private key in
> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\MachineKeys,
> then you can be sure.
> Look for a matching datestamp.
>
> @Microsoft Team:
> Thanks for your comments, but please get this issue fixed in sp's. After c&p
> from user store to machine store the cert manager should NO LONGER display
> the message "you have a private key for this certificate", please mention
> this in the papers explicitly too.
>
> Thx ALL,
> CYa
>
> "flipper" <flipper@gmx.de> wrote in message
> news:b7im0o$rve$02$1@news.t-online.com...
> > oh dear, with certificates it doesn't work at all,
> > EVERYONE PLEASE HELP:
> >
> > this is what the debug log oakley.log looks like (config: see the MS guide,
> > also available in German)
> > I tried it with every possible certificate source, always the same:
> >
> > peer1:
> >
> > 4-16: 04:57:25:805:9c4 Receive: (get) SA = 0x000fb490 from 192.168.2.101
> > 4-16: 04:57:25:805:9c4 ISAKMP Header: (V1.0), len = 1556
> > 4-16: 04:57:25:805:9c4 I-COOKIE 3ccdc554cc3dc04d
> > 4-16: 04:57:25:805:9c4 R-COOKIE 95cb0109e456387d
> > 4-16: 04:57:25:805:9c4 exchange: Oakley Main Mode
> > 4-16: 04:57:25:805:9c4 flags: 1 ( encrypted )
> > 4-16: 04:57:25:805:9c4 next payload: ID
> > 4-16: 04:57:25:805:9c4 message ID: 00000000
> > 4-16: 04:57:25:805:9c4 processing payload ID
> > 4-16: 04:57:25:805:9c4 processing payload CERT
> > 4-16: 04:57:25:805:9c4 processing payload CRP
> > 4-16: 04:57:25:805:9c4 C=DE, O=za, OU=za, CN=za
> > 4-16: 04:57:25:805:9c4 processing payload SIG
> > 4-16: 04:57:25:805:9c4 Verifying CertStore
> > 4-16: 04:57:25:805:9c4 SubjectName: C=DE, O=za, OU=za, CN=z2
> > 4-16: 04:57:25:805:9c4 Cert Serialnumber 0300000000000567b711
> > 4-16: 04:57:25:805:9c4 Cert SHA Thumbprint dfe07769ade3821f546afbaa5225bab0
> > 4-16: 04:57:25:805:9c4 a9bee86d
> > 4-16: 04:57:25:805:9c4 Cert Trustes. 0 100
> > 4-16: 04:57:25:805:9c4 SubjectName: C=DE, O=za, OU=za, CN=z2
> > 4-16: 04:57:25:805:9c4 Cert Serialnumber 0300000000000567b711
> > 4-16: 04:57:25:805:9c4 Cert SHA Thumbprint dfe07769ade3821f546afbaa5225bab0
> > 4-16: 04:57:25:805:9c4 a9bee86d
> > 4-16: 04:57:25:805:9c4 SubjectName: C=DE, O=za, OU=za, CN=za
> > 4-16: 04:57:25:805:9c4 Cert Serialnumber 8f5c036b7419284c8ff4d2b070e12c49
> > 4-16: 04:57:25:805:9c4
> > 4-16: 04:57:25:805:9c4 Cert SHA Thumbprint 0269aeec2d0b6d52bb73c3e6bf919028
> > 4-16: 04:57:25:805:9c4 b2b9eb19
> > 4-16: 04:57:25:805:9c4 Cert SHA Thumbprint dfe07769ade3821f546afbaa5225bab0
> > 4-16: 04:57:25:805:9c4 a9bee86d
> > 4-16: 04:57:25:805:9c4 Entered CRL check
> > 4-16: 04:57:31:934:9c4 Left CRL check
> > 4-16: 04:57:31:934:9c4 Signature validated
> >
> > 4-16: 04:57:31:934:9c4 constructing ISAKMP Header
> > 4-16: 04:57:31:934:9c4 constructing ID
> > 4-16: 04:57:31:934:9c4 Looking for IPSec only cert
> > 4-16: 04:57:31:934:9c4 Cert Trustes. 0 100
> > 4-16: 04:57:31:934:9c4 AcquireContext Sig Key error: -2146893802
> >
> > The keyset does not exist. ???????
> >
> > 4-16: 04:57:31:934:9c4 Failed to get key for cert
> > 4-16: 04:57:31:934:9c4 Looking for IPSec only cert
> > 4-16: 04:57:31:934:9c4 failed to get chain 80092004
> > 4-16: 04:57:31:934:9c4 Looking for any cert
> > 4-16: 04:57:31:934:9c4 Cert Trustes. 0 100
> > 4-16: 04:57:31:934:9c4 AcquireContext Sig Key error: -2146893802
> >
> > 4-16: 04:57:31:934:9c4 Failed to get key for cert
> > 4-16: 04:57:31:934:9c4 Looking for any cert
> > 4-16: 04:57:31:934:9c4 failed to get chain 80092004
> >
> > The object or property was not found. ????????
> >
> > 4-16: 04:57:31:934:9c4 ProcessFailure: sa:000FB490 centry:00000000 status:35fc
> > 4-16: 04:57:31:934:9c4 isadb_set_status sa:000FB490 centry:00000000 status 35fc
> > 4-16: 04:57:31:934:9c4 Schlüsselaustauschmodus (Hauptmodus)
> >
> > 4-16: 04:57:31:934:9c4 Quell-IP-Adresse 192.168.2.100
> > Quell-IP-Adressmaske 255.255.255.255
> > Ziel-IP-Adresse 192.168.2.101
> > Ziel-IP-Adressmaske 255.255.255.255
> > Protokoll 0
> > Quellport 0
> > Zielport 0
> > Lokale IKE-Adresse
> > Peer-IKE-Adresse
> >
> > 4-16: 04:57:31:934:9c4 Zertifikatsbasierte Identität.
> > Peerantragsteller C=DE, O=za, OU=za, CN=z2
> > Peer-SHA-Fingerabdruck dfe07769ade3821f546afbaa5225bab0a9bee86d
> > Peer, der die Zertifizierungsstelle ausstellt: C=DE, O=za, OU=za, CN=za
> > Stammzertifizierungsstelle
> > Eigener Antragsteller
> > Eigener SHA-Fingerabdruck 0000000000000000000000000000000000000000
> > Peer-IP-Adresse: 192.168.2.101
> >
> > 4-16: 04:57:31:934:9c4 Benutzer
> >
> > 4-16: 04:57:31:934:9c4 Es ist kein privater Schlüssel mit dem Computerzertifikat verknüpft.
> >
> > 4-16: 04:57:31:934:9c4 0x80092004 0x0
> > 4-16: 04:57:31:934:9c4 ProcessFailure: sa:000FB490 centry:00000000 status:35fc
> > 4-16: 04:57:31:934:9c4 Not creating notify.
> >
> > peer2:
> >
> > 4-15: 04:57:16:1fc *****************Queueing work for worker. 6
> > 4-15: 04:57:16:128
> > 4-15: 04:57:16:128 Resume: (get) SA = 0x00237a18 from 192.168.2.100
> > 4-15: 04:57:16:128 ISAKMP Header: (V1.0), len = 243
> > 4-15: 04:57:16:128 I-COOKIE 3ccdc554cc3dc04d
> > 4-15: 04:57:16:128 R-COOKIE 95cb0109e456387d
> > 4-15: 04:57:16:128 exchange: Oakley Main Mode
> > 4-15: 04:57:16:128 flags: 0
> > 4-15: 04:57:16:128 next payload: KE
> > 4-15: 04:57:16:128 message ID: 00000000
> > 4-15: 04:57:16:128 Stopping RetransTimer sa:00237A18 centry:00000000 handle:0009A1F0
> > 4-15: 04:57:16:128 processing payload KE
> > 4-15: 04:57:16:128 Generated 128 byte Shared Secret
> > 4-15: 04:57:16:128 KE processed; DH shared secret computed
> > 4-15: 04:57:16:128 processing payload NONCE
> > 4-15: 04:57:16:128 processing payload CR
> > 4-15: 04:57:16:128 Processing Cert request
> > 4-15: 04:57:16:128 In state OAK_MM_Key_EXCH
> > 4-15: 04:57:16:128 skeyid generated; crypto enabled (initiator)
> > 4-15: 04:57:16:128 constructing ISAKMP Header
> > 4-15: 04:57:16:128 constructing ID
> > 4-15: 04:57:16:128 Cert Trustes. 0 0
> > 4-15: 04:57:16:128 Key Contained Name
> > 4-15: 04:57:16:128 b53799241ca9cc0b251c811b2862f9b5_3ab5e203-31bc-4d7b-a784-bdae77975100
> > 4-15: 04:57:16:128 Found try 1
> > 4-15: 04:57:16:128 constructing CERT
> > 4-15: 04:57:16:128 constructing SIG
> > 4-15: 04:57:16:128 Construct SIG
> > 4-15: 04:57:16:128 Hash algo 2
> > 4-15: 04:57:16:128 Initiator ID 090000003034310b3009060355040613
> > 4-15: 04:57:16:128 024445310b3009060355040a13027a61
> > 4-15: 04:57:16:128 310b3009060355040b13027a61310b30
> > 4-15: 04:57:16:128 09060355040313027a32
> > 4-15: 04:57:16:128 Error 80090016 during CryptSignHash1!
> >
> > The keyset does not exist. ????????????
> > THAT CAN'T BE, THEY ARE ALL THERE, WITH PRIVATE KEYS !!!!!!!!!
> >
> > 4-15: 04:57:16:128 Trying KE key
> > 4-15: 04:57:16:128 Signature Created Successfully
> > 4-15: 04:57:16:128
> > 4-15: 04:57:16:128 AuthCount 1
> > 4-15: 04:57:16:128 Constructing Cert Request
> > 4-15: 04:57:16:128 Setting CertReq type
> > 4-15: 04:57:16:128 Throw: State mask=111f
> > 4-15: 04:57:16:128 Doing tripleDES
> > 4-15: 04:57:16:128
> > 4-15: 04:57:16:128 Sending: SA = 0x00237A18 to 192.168.2.100
> > 4-15: 04:57:16:128 ISAKMP Header: (V1.0), len = 1556
> > 4-15: 04:57:16:128 I-COOKIE 3ccdc554cc3dc04d
> > 4-15: 04:57:16:128 R-COOKIE 95cb0109e456387d
> > 4-15: 04:57:16:128 exchange: Oakley Main Mode
> > 4-15: 04:57:16:128 flags: 1 ( encrypted )
> > 4-15: 04:57:16:128 next payload: ID
> > 4-15: 04:57:16:128 message ID: 00000000
> > 4-15: 04:57:17:128 Handling Retransmit: sa 237a18 handle 9a1f0 context 2348b8 arg 2348b8
> > 4-15: 04:57:17:128 retransmit: sa = 00237A18 centry 00000000 , count = 0
> > 4-15: 04:57:17:128
> >
> > thx
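
Added example, not part of the original posts: a small oakley.log scanner showing that the signed-decimal `-2146893802` on peer1 and the hex `80090016` on peer2 are the same CryptoAPI status, and pulling out the key container name so it can be checked against the MachineKeys directory as flipper suggests. It assumes the `<hash>_<GUID>` string logged after "Key Contained Name" is the key's file name in MachineKeys; the function names and the `machinekeys_dir` parameter are illustrative.

```python
import re
from pathlib import Path

# CryptoAPI status codes seen in the quoted oakley.log excerpts.
KNOWN = {
    0x80090016: "NTE_BAD_KEYSET: keyset does not exist",
    0x80092004: "CRYPT_E_NOT_FOUND: cannot find object or property",
}
# The log prints a status either as signed decimal or as bare 8-digit hex.
CODE_RE = re.compile(
    r"error: (-?\d+)|Error ([0-9a-fA-F]{8})\b|failed to get chain ([0-9a-fA-F]{8})\b")
# Key container name: 32 hex digits, underscore, GUID.
CONTAINER_RE = re.compile(
    r"\b([0-9a-f]{32}_[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\b")

def status_code(line):
    """Return the status in a log line as an unsigned 32-bit int, or None."""
    m = CODE_RE.search(line)
    if not m:
        return None
    dec, hex_a, hex_b = m.groups()
    return int(dec) & 0xFFFFFFFF if dec is not None else int(hex_a or hex_b, 16)

def scan(lines, machinekeys_dir=None):
    """Return (key-related failures, key containers) found in log lines.

    machinekeys_dir is a hypothetical parameter: when given, each container
    name is checked for a matching file there (assumed to be the key file).
    """
    failures, containers = [], []
    for line in lines:
        code = status_code(line)
        if code in KNOWN:
            failures.append((f"0x{code:08x}", KNOWN[code]))
        c = CONTAINER_RE.search(line)
        if c:
            present = None
            if machinekeys_dir is not None:
                present = (Path(machinekeys_dir) / c.group(1)).is_file()
            containers.append((c.group(1), present))
    return failures, containers

# Lines taken from the quoted logs above, quote markers stripped.
SAMPLE = [
    "4-16: 04:57:31:934:9c4 AcquireContext Sig Key error: -2146893802",
    "4-16: 04:57:31:934:9c4 failed to get chain 80092004",
    "4-15: 04:57:16:128 b53799241ca9cc0b251c811b2862f9b5_3ab5e203-31bc-4d7b-a784-bdae77975100",
    "4-15: 04:57:16:128 Error 80090016 during CryptSignHash1!",
]
```

Pass the machine's MachineKeys path as `machinekeys_dir` to have each logged container reported as present or missing on disk.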