Server 2003 certsrv problem after xenroll/certenroll hotfix

i have been able request smart card certificates on user's behalf (from xp) until installed hotfix http://support.microsoft.com/default.aspx?kbid=922706  (i installed update because vista not download domain's trusted certificate.  read mean thie hotfix correct , maintain xp compatibility.)

after update don't see option request smart card user certificate under advanced cert request.  local pc using xp , has enrollment agent sertificate installed.

any suggestions appreciated, thanks!

hi,

 

yes, correct "enroll on behalf of" option has been removed web enrollment pages after applying update 922706. has been described in kb article 922706 , excerpt included below:

 

922706 how use certificate services web enrollment pages windows vista or windows server 2008

<http://support.microsoft.com/default.aspx?scid=kb;en-us;922706>

 

excerpt

==============

note windows vista certificate enrollment client component has been enhanced on of earlier versions of windows. of functionality formerly accessed using web pages included in client component. therefore, functionality has been removed updated certificate enrollment web pages. functionality has been removed includes following:

 

- enroll on behalf of operation

- computer certificate enrollment

- xenroll .cab file

 

therefore, expected phenomenon enroll on behalf of option removed web-enrollment page after installing hotfix, because option has been moved certificates mmc snap-in in windows vista , windows server 2008. need open certificates mmc , right click , select tasks -> advanced operations see enroll of behalf option.

 

in other words, after applying update, can perform "enroll on behalf of" operation vista or 2008 machine via mmc.

 

if still want "enroll on behalf" operation xp client, i'm afraid have setup windows 2003 server web enrollment server , hosts older 2003 pages 2k/xp/2003 clients.

 

regards,

 

---

nick gu - msft

Windows Server  >  Security