Article ID: 261655
Article Last Modified on 2/21/2007
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Internet Information Services 5.0
This article was previously published under Q261655
SYMPTOMS
You export a certificate from a computer that is running either Internet Information Server 4.0 or Internet Information Services (IIS) 5.0 and then import the certificate on a computer with IIS 5.0. The import succeeds, but you are not able to connect, and in the browser you may receive the "No Server or DNS" error message. In the event log you may receive the following error message:
RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name Platform ------------------------------------------------------------------ 05/02/2000 12:34:58PM 5.131.2195.2079 466,704 crypt32.dll x86
NOTE: To effectively correct this problem, follow these steps:
In this scenario, Server A currently houses all certificates and is used as the export server (this can be a Microsoft Windows NT or Windows 2000 server). Server B is the failing import server that has certificates that have been imported from Server A.
NOTE: Server A and Server B can be the same computer.
- Remove all certificates from Server B that exist from the failed import. This includes certificates that are located in the "Trusted Root", "Intermediate", and "Personal" certificate stores.
- Apply the hotfix to Server A.
- Apply the hotfix to Server B.
- On Server A, use the MMC Certificates snap-in to export the certificate. When you export a certificate for use on another computer, always select the following options and remember the password:
- Yes, Export the private key
- Personal Information Exchange - PKCS #12 (.PFX)
- Include all certificates in the certification path if possible
NOTE: Do not select Require Stong Encryption.
- On Server B, import the certificate into the appropriate "Local Computer" certificate store (Trusted Root, Intermediate, or Personal) and test Secure Sockets Layer (SSL).
NOTE: If you apply the High Encryption Pack to the installation, you must apply this hotfix after you install Windows 2000 Service Pack 1.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.
To receive the hotfix without applying SP2, contact Microsoft Product Support Services.
Keywords: kbhotfixserver kbqfe kbbug kbfix KB261655