Active Directory Certificate Services cannot be reinstalled by using the "Use existing private key" option on a computer that is running Windows Server 2008 R2

Article ID: 978034

SYMPTOMS

Consider the following scenario:
  • You reinstall the Active Directory Certificate Services role on a computer that is running Windows Server 2008 R2.
  • You select the Use existing private key option on the Set up Private Key page, and then you select the Select an existing private key on this computer option for the reinstallation process.
In this scenario, the certification authority (CA) installation wizard stops responding for some time.

CAUSE

This issue occurs because of an error in the CA setup code. The setup code incorrectly tries to enforce the CA certificate creation process by using the RSA/SHA1 algorithm.
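
Because the setup code forces RSA/SHA1, it helps to record what the existing CA certificate actually uses before you choose the Use existing private key option. The following PowerShell is an added example, not part of the original article or the hotfix; it assumes the CA certificate is in the local computer's Personal (My) store, and the output column names are illustrative.

```powershell
# Added example (not from the KB article): list CA certificates in the
# local computer "My" store that have a private key on this computer,
# together with their key algorithm and signature algorithm.

# OID of sha1WithRSAEncryption (RSA/SHA1), the algorithm named in the CAUSE section.
$rsaSha1Oid = '1.2.840.113549.1.1.5'

$rows = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # Only certificates whose private key is present can be reused by setup.
    if (-not $cert.HasPrivateKey) { continue }

    # Keep CA certificates only (Basic Constraints extension with CA = TRUE).
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    if (-not $bc -or -not $bc.CertificateAuthority) { continue }

    New-Object PSObject -Property @{
        Subject            = $cert.Subject
        Thumbprint         = $cert.Thumbprint
        KeyAlgorithm       = $cert.PublicKey.Oid.FriendlyName       # for example RSA or ECC
        SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName  # for example sha1RSA or sha256RSA
        # True only when the certificate is signed with RSA/SHA1.
        IsRsaSha1          = ($cert.SignatureAlgorithm.Value -eq $rsaSha1Oid)
    }
}

# Fixed column order for the report (hashtable order is not preserved in PowerShell 2.0).
$rows |
    Select-Object Subject, KeyAlgorithm, SignatureAlgorithm, IsRsaSha1, Thumbprint |
    Format-List
```

A row where IsRsaSha1 is False identifies a CA certificate whose signature algorithm differs from the RSA/SHA1 that the setup code tries to enforce.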

RESOLUTION

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, your computer must be running Windows Server 2008 R2.

Restart requirement

You do not have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The English (United States) version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows Server 2008 R2 file information notes
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2008 R2" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are extremely important to maintaining the state of the updated component. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x64-based versions of Windows Server 2008 R2

File name | File version | File size | Date | Time | Platform
Microsoft.windows.servermanager-ppdlic.xrm-ms | Not Applicable | 3,393 | 03-Dec-2009 | 17:49 | Not Applicable
Microsoft.windows.servermanager.dll | 6.1.7600.20588 | 6,455,296 | 03-Dec-2009 | 17:46 | x86

For all supported IA-64-based versions of Windows Server 2008 R2

File name | File version | File size | Date | Time | Platform
Microsoft.windows.servermanager-ppdlic.xrm-ms | Not Applicable | 3,393 | 03-Dec-2009 | 11:48 | Not Applicable
Microsoft.windows.servermanager.dll | 6.1.7600.20588 | 6,455,296 | 03-Dec-2009 | 11:43 | x86

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

The Secure Hash Algorithm (also known as SHA) hash functions are a set of cryptographic hash functions that are designed by the National Security Agency (also known as NSA). These functions are published by the National Institute of Standards and Technology (also known as NIST) as a United States Federal Information Processing Standard. The three SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, and SHA-2. The SHA-2 family uses the same algorithm but has a variable digest size. These digest sizes are distinguished as SHA-224, SHA-256, SHA-384, and SHA-512.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
966329 Windows Server 2008 Certificate Services (ADCS) does not start, and error code 0x80070057 is generated when ADCS is reinstalled by using the "use existing keys" option in Windows Server 2008
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional file information

Additional file information for Windows Server 2008 R2

Additional files for all supported x64-based versions of Windows Server 2008 R2

File name | File version | File size | Date | Time | Platform
Amd64_21943e9e70106fb10e93020b0198e60a_31bf3856ad364e35_6.1.7600.20588_none_77002c3932ae2f5a.manifest | Not Applicable | 705 | 03-Dec-2009 | 21:31 | Not Applicable
Amd64_microsoft.windows.servermanager_31bf3856ad364e35_6.1.7600.20588_none_c566aed88419d51f.manifest | Not Applicable | 4,086 | 03-Dec-2009 | 18:03 | Not Applicable
Update.mum | Not Applicable | 1,878 | 03-Dec-2009 | 21:31 | Not Applicable

Additional files for all supported IA-64-based versions of Windows Server 2008 R2

File name | File version | File size | Date | Time | Platform
Ia64_6b147d9600959113d80617404228afdc_31bf3856ad364e35_6.1.7600.20588_none_09b89b2fa512f8ef.manifest | Not Applicable | 703 | 03-Dec-2009 | 21:31 | Not Applicable
Ia64_microsoft.windows.servermanager_31bf3856ad364e35_6.1.7600.20588_none_6949b74acbba6ce5.manifest | Not Applicable | 4,084 | 03-Dec-2009 | 13:10 | Not Applicable
Update.mum | Not Applicable | 1,446 | 03-Dec-2009 | 21:31 | Not Applicable

Properties

Article ID: 978034 - Last Review: January 4, 2010 - Revision: 2.1
APPLIES TO
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
Keywords: 
kbqfe kbhotfixserver kbsurveynew kbautohotfix kbexpertiseinter kbbug kbfix KB978034
