Microsoft KB Archive/255681

From BetaArchive Wiki

Article ID: 255681

Article Last Modified on 2/28/2007



APPLIES TO

  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Service Pack 1



This article was previously published under Q255681

SYMPTOMS

When you attempt to enroll a user for a smart card certificate, you may receive the following error message:

An unexpected error occurred (Error: 0x800B0112).

CAUSE

This issue occurs because the certification authority (CA) that issued the Enrollment Agent certificate is not trusted. To enroll a user for a smart card, you must have an Enrollment Agent certificate.

RESOLUTION

To resolve this issue, install the root CA certificate in the trusted root store of the Smart Card Enrollment station. You can install this certificate in the Smart Card Enrollment station, or in Group Policy.

Before you begin any of the following procedures, download a certificate for the root CA:

  1. Start Internet Explorer, and then go to the following location:

    http://Root CAs NetbiosName/certsrv

  2. Click Retrieve the certificate or certificate revocation list.
  3. Click Download CA certificate.
  4. Save the Certnew.cer file on your hard disk. Use this file when you are prompted to import the certificate for the trusted CA.

How to Install the Certificate in the Smart Card Enrollment Station

  1. Start Microsoft Management Console (MMC), and then add the Certificate snap-in.
  2. Click Computer account, and then click Local computer.
  3. Navigate to the Certificates folder that is located in the Trusted Root Certification Authorities folder.
  4. Click the Certificate folder, point to All Tasks on the Action menu, and then click Import. The Certificate Import Wizard starts, and then guides you through the procedure to import and install a root certificate.

How to Install the Certificate in Group Policy

  1. Start the Group Policy object that you want to apply to the Smart Card Enrollment stations.
  2. Navigate to the Trusted Root Certificate Authorities folder that is located in the following folder:

    Computer Configuration\Windows Settings\Security Settings\Public Key Policies

  3. Click the Trusted Root Certificate Authorities folder, point to All Tasks on the Action menu, and then click Import. The Certificate Import Wizard starts, and then guides you through the procedure to import and install a root certificate.


MORE INFORMATION

The description for this error code is:

A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.


Additional query words: certnew cer

Keywords: kberrmsg kbenv kbprb KB255681