Microsoft KB Archive/940794

= We recommend that you do not store certificate revocation lists in the personal store on a domain controller that is running Windows Server 2003 =

Article ID: 940794

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems

-



INTRODUCTION
We recommend that you do not store certificate revocation lists (CRLs) in the personal store on a domain controller that is running Windows Server 2003. When the CertControlStore function monitors the personal store, there may be unintended side effects.



MORE INFORMATION
The CertControlStore function monitors the personal store on a domain controller. When the contents of a cached store that is being used differ from the stored contents of the same store, the CertControlStore notifies the application that calls it. The Lsass.exe process hosts the Local Security Authority Subsystem on a domain controller. The CertControlStore function notifies this subsystem when the contents of a certificate store changes.

