Microsoft KB Archive/330228

= Issue with multiple smart cards and smart card certificate renewal =

Article ID: 330228

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition

-



This article was previously published under Q330228



SYMPTOMS
During the renewal process for a certificate whose private key is stored on a smart card, you are initially prompted for a smart card. If you insert an incorrect smart card of the same brand and the incorrect smart card is used to form the renewal request, you are prompted for the correct smart card, and the request is then formed and sent to the certification authority (CA). After the certificate request is granted and the new certificate is installed on the correct smart card, neither of the smart cards works correctly.

Note that this issue can occur during manual certificate renewal by using the wizard in the snap-in, or during automatic enrollment renewal.



CAUSE
This problem occurs because the private key of the first (incorrect) smart card is used to form the renewal request, and the private key of the second (correct) smart card is used to sign the renewal request.



WORKAROUND
To work around this problem, reissue a new certificate for each smart card.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
For more information about automatic enrollment, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/guidance/cryptographyetc/efs.mspx

Keywords: kbprb KB330228

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.