Article ID: 941820
Article Last Modified on 11/15/2007
APPLIES TO
- Microsoft Systems Management Server 2003
Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows XP and Windows Vista
SYMPTOMS
NetMeeting Remote Desktop Sharing does not work correctly on a computer that is running the Microsoft Systems Management Server (SMS) 2003 Service Pack 3 (SP3) Advanced Client. After you right-click the Remote Desktop Sharing icon in the notification area, and then you click Activate Remote Desktop Sharing, the status of the NetMeeting Remote Desktop Sharing service does not change to Started.
CAUSE
The SMS 2003 SP3 Advanced Client backs up the SMS Signing and Encryption certificates to the personal certificate store on the local computer. If you upgrade from Windows XP to Windows Vista, the backup makes sure that the certificates remain after the upgrade.
SMS client computers that are running versions that are earlier than the SMS 2003 SP3 Advanced Client do not perform this backup. However, NetMeeting Remote Desktop Sharing always uses the first certificate that exists in the personal certificate store for client authentication. The SMS Signing and Encryption certificates that NetMeeting Remote Desktop Sharing finds do not work for client authentication. Therefore, NetMeeting Remote Desktop Sharing fails.
RESOLUTION
After you apply this hotfix, you can control the SMS certificate backup by using the DisableSMSCertBackup registry entry on computers that are running Windows XP or newer Windows operating systems. The DisableSMSCertBackup registry entry does not work in Microsoft Windows 2000. For more information, see the "Registry information" section.
You can also use the Certutil.exe tool to manually delete SMS certificates. To run this tool, you must have administrative credentials. To delete the SMS certificates, type the following command at a command prompt:
certutil –delstore My SMS
For more information about the Certutil.exe tool, click the following article number to view the article in the Microsoft Knowledge Base:
185195 How to use key and certificate backup/restore utility
Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that this article describes. Apply this hotfix only to systems that are experiencing this specific problem.
To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:
Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:
Hotfix installation notes
- This hotfix contains a change to the CCM Framework. This change is shared between clients and management points. Therefore, a new Mp.msi file is included in the hotfix, and we recommend that the fix be installed on all management points. The client-side MSP file can be managed by using software distribution from a central site. You should apply the hotfix package on the primary site servers to which the clients are assigned.
- The installation process prompts you to create a package and a program that will be used to distribute the hotfix. We recommend that you follow these instructions.
- The installation process also prompts you to perform a site reset. You must perform the site reset to update any management points for a given site.
Prerequisites
To apply this hotfix, you must be running SMS 2003 Service Pack 3.
Restart requirement
You do not have to restart the computer after you apply this hotfix. The SMS services restart automatically during the hotfix installation process.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
Registry information
To set the DisableSMSCertBackup registry entry, follow these steps.
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\CCM\CCMExec
- On the Edit menu, point to New, and then click DWORD Value.
- Type DisableSMSCertBackup, and then press ENTER.
- Right-click DisableSMSCertBackup, and then click Modify.
- In the Value data box, type the desired value, and then click OK.
- Exit Registry Editor.
If the DisableSMSCertBackup registry entry is set to 0, SMS certificates are backed up. In this configuration, this behavior is the same as before you apply the hotfix. This configuration should be used before you upgrade Windows XP to Windows Vista.
If the DisableSMSCertBackup registry entry is set to 1, the existing SMS certificates will be deleted when the CCMExec.exe program starts. The SMS certificates are not backed up to the local personal certificate store. Additionally, the CertificateMaintenance.log file on the client computer includes information that resembles the following:
The SMS client in Windows 2000 ignores the DisableSMSCertBackup registry entry. The SMS certificate backup is always disabled in Windows 2000, even if you define the DisableSMSCertBackup registry entry. The behavior in Windows 2000 is the same as when the DisableSMSCertBackup registry entry is set to 1.
File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Ccmgencert.dll | 2.50.4253.3110 | 80,384 | 31-Jul-2007 | 17:45 | x86 |
| Mp.msi | Not applicable | 5,877,248 | 31-Jul-2007 | 17:45 | Not applicable |
| Sms2003ac-sp3-kb941820-x86.msp | Not applicable | 1,387,520 | 31-Jul-2007 | 17:45 | Not applicable |
WORKAROUND
You can also use the Certutil.exe tool to manually delete SMS certificates. To run this tool, you must have administrative credentials. To delete the SMS certificates, type the following command at a command prompt:
certutil –delstore My SMS
For more information about the Certutil.exe tool, click the following article number to view the article in the Microsoft Knowledge Base:
185195 How to use key and certificate backup/restore utility
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
The Mp.msi file is not included with the International Client Pack 1 (ICP1) or with the International Client Pack 2 (ICP2) versions of this hotfix. After you install the hotfix, the Remote Desktop connection (Mstsc.exe) feature makes the option to enable NetMeeting Remote Desktop Sharing unavailable.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Keywords: kbexpertiseinter kbbug kbfix kbhotfixserver kbqfe kbpubtypekc KB941820
