Recovery Operation for Certificate Server May Invalidate Certificate Authority Keys

• Microsoft Windows NT Server version 4.0 SP4
• Microsoft Windows NT Workstation version 4.0 SP4
• Microsoft Windows NT Server, Enterprise Edition version 4.0 SP4
• Microsoft Certificate Server version 1.0
• Microsoft Internet Information Server version 4.0

SYMPTOMS

If you back up certificate files from an existing certificate server and restore them to a second certificate server, when you reinstall the second certificate server you may find that the key at the end of the Use Existing Keys list in the Setup window is invalid. In addition, the key that corresponds to your Certificate Authority name may be invalid.

CAUSE

This behavior occurs because the SYSOCMGR command used to reinstall Certificate Server adds an invalid key to the registry.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual software update. For information on obtaining the latest service pack, please go to:

• http://www.microsoft.com/windows/servicepacks/


-or-


• Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack

http://www.microsoft.com/support/supportnet/overview/overview.asp

STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article. This problem was first corrected in Windows NT 4.0 Service Pack 6.

MORE INFORMATION

For more information about Certificate Server, refer to the following Release Notes included with Microsoft Windows NT 4.0 Option Pack:

• Microsoft Certificate Server Version 1.0 Release Notes



• Internet Information Server Version 4.0 Release Notes

ftp. microsoft.com\bussys\iis-public\fixes\usa\certserv

Q184695 Readme Notes for Certificate Server Update

Q185195 How to Use Key and Certificate Backup/Restore Utility

Additional query words: security garbage

Keywords : kbinterop kbtool kbbug4.00 kbfix4.00 NT4SP6Fix
Version : winnt:1.0,4.0,4.0 SP4
Platform : winnt
Issue type : kbbug