Microsoft KB Archive/181937

= Latest SGC-Enabled Schannel.dll Breaks IIS 3.0 Key Manager =

Article ID: 181937

Article Last Modified on 11/9/2005

-

APPLIES TO


 * Microsoft Internet Information Server 3.0

-



This article was previously published under Q181937



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
When you install the latest Server Gated Cryptography (SGC)-enabled export version of Schannel.dll (01/22/98, 161.040 bytes) on a Microsoft Internet Information Server (IIS) 3.0 computer and enable SGC by setting the EnableSGC Registry Key, Key Manager hangs while generating a SGC certificate request.

For more information, please see the following Microsoft Knowledge Base article:

148427 : Generic SSL (PCT/TLS) Updates for IIS and MS Internet Products



CAUSE
This behavior occurs because Key Manager is not working correctly with the SGC-enabled export version of Schannel.dll (01/22/98, 161.040 bytes).



WORKAROUND
To work around this problem, use one of the following methods:


 * Use the SGC-enabled export version of Schannel.dll (11/18/97, 160.528 bytes) that comes with Internet Explorer 4.0x with the version of Key Manager that comes with Internet Information Server 3.0 to generate SGC certificate requests.
 * Use the version of Key Manager (version 4.02.0622) that comes with Internet Information Server 4.0 to generate SGC certificate requests. This version of Key Manager works without problems when you use it with the latest version of Schannel.dll (01/22/98, 161.040 bytes) or with the version of Schannel.dll (11/18/97, 160.528 bytes) that comes with Internet Explorer 4.0x.



STATUS
Microsoft has confirmed this to be a problem in Internet Information Server 3.0 Key Manager. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

Additional query words: SCHANNEL KEYRING Q148427

Keywords: kbbug KB181937

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.