Microsoft KB Archive/243353

= Custom certificate mappings are not recognized =

Article ID: 243353

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Services 6.0

-



This article was previously published under Q243353



SYMPTOMS
In Internet Information Services (IIS) 5.0, when you use client certificate mapping, custom mappings may not be recognized. For example, the Web site stops responding (hangs).



CAUSE
If you are not using Windows 2000 Active Directory Mapping (for example, client certificates are not mapped to their user accounts in the Windows 2000 active directory), you may have turned on the Windows Directory Service Mapper in error.



RESOLUTION
To resolve this problem, perform the following steps:
 * 1) Click Start, click Administrative Tools, and then click Internet Services Manager.
 * 2) On Windows 2000-based computers, right-click the computer name (above the listing of Web sites and FTP sites), click Properties, and then click the Edit button that is next to WWW Service. On Windows Server 2003-based computers, right-click Web Sites, and then click Properties.
 * 3) Click the Directory Security tab.
 * 4) Click to clear the Enable the Windows Directory Service Mapper check box.

Note This option is available only at the Master properties level and only if the server is a member of a Windows 2000 domain.
 * 1) Click OK, and then click OK again to return to the Internet Services Manager.
 * 2) Restart IIS.



MORE INFORMATION
If you are using the Windows Directory Service Mapper, you cannot use IIS to create custom certificate mappings for each Web site through the IIS Mapper (for example, enable Client Certificate Mapping on the Directory Security tab). You can only use one or the other.

In general, if you want to do one-to-one mappings, and the accounts reside in your domain (or forest), the Windows Mapper can save you time. If you are using many-to-one mappings, or the accounts reside outside your network, the IIS Mapper is the best solution.

For more details on the types of certificate mapping available, see the Internet Information Services 5.0 documentation.

Additional query words: iis iis5 certsrv 5

Keywords: kbprb kbpending KB243353

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.