Microsoft KB Archive/867651

= You cannot add a TLS certificate to a computer that is running Office Live Communications Server 2003 =

Article ID: 867651

Article Last Modified on 12/26/2006

-

APPLIES TO


 * Microsoft Office Live Communications Server 2003

-





SYMPTOMS
When you try to add a Transport Layer Security (TLS) certificate to the Authentication tab of a computer that is running Microsoft Office Live Communications Server 2003, you may receive the following error message:

Live Communications Server Snap-in cannot save some or all of the settings.



CAUSE
This problem occurs because you do not have access to the following object:

\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\

This key has permissions set to full control only for the user account that added the actual certificate to the local machine store.



RESOLUTION
To resolve this problem, you must grant permissions to the following object:

\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\

You must grant permissions to this object if the following conditions are true:
 * You are installing Office Live Communications Server 2003.
 * You are not using the same account that you used to add the TLS certificate to the local machine store.

You must grant the installing account full control to the following object before you can add the TLS authentication method:

\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

You can use the Sysinternals Filemon utility to determine the GUID you must grant access to. To do this, filter on the Wmiprvse.exe process ID that is owned by NETWORK SERVICE while you reproduce the error. To obtain the Sysinternals Filemon utility, visit the following Sysinternals Web site:

http://www.microsoft.com/technet/sysinternals/default.mspx

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Keywords: kbbug kbprb KB867651

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.