Symptoms
Assume that you use the Windows Server Backup feature to perform a system state backup on a computer that is running Windows Server 2008 or Windows Server 2008 R2. The computer has the Active Directory Certificate Services (AD CS) server role installed. In this situation, the certification authority (CA) private keys are not included in the system state backup image. Therefore, the CA private keys are unavailable when the system state is restored, and this leads to an outage of the public key infrastructure (PKI).
Cause
The issue occurs because the location where the CA private keys are stored is missing from the metadata list for system state backup.
More Information
Update information
How to obtain this update
This update is available from the Microsoft Update website:
http://update.microsoft.comThe following files are available for download from the Microsoft Download Center:
|
Operating system |
Update |
|---|---|
|
All supported x86-based versions of Windows Server 2008 |
|
|
All supported x64-based versions of Windows Server 2008 |
|
|
All supported x64-based versions of Windows Server 2008 R2 |
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online servicesMicrosoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Prerequisites
To apply this update, you must be running one of the following operating systems:
-
Windows Server 2008 Service Pack 2 (SP2)
-
Windows Server 2008 R2
-
Windows Server 2008 R2 Service Pack 1 (SP1)
For more information about how to obtain a Windows Server 2008 service pack, click the following article number to view the article in the Microsoft Knowledge Base:
968849 How to obtain the latest service pack for Windows Server 2008For more information about how to obtain a Windows 7 or Windows Server 2008 R2 service pack, click the following article number to view the article in the Microsoft Knowledge Base:
976932 Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2
Registry information
To apply the update in this package, you do not have to make any changes to the registry.
Restart requirement
You do not have to restart the computer after you apply this update. To avoid restarting, stop the AD CS service before you install the hotfix.
Update replacement information
This update does not replace a previously released update.
File information
The global version of this update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows Server 2008 file information notes
-
The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
Version
Product
SR_Level
Service branch
6.0.600 2. 18xxx
Windows Server 2008
SP2
GDR
6.0.600 2. 22xxx
Windows Server 2008
SP2
LDR
-
GDR service branches contain only those fixes that are widely released to address widespread, extremely important issues. LDR service branches contain hotfixes in addition to widely released fixes.
-
The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2008" section. MUM files and MANIFEST files, and the associated security catalog (.cat) files, are extremely important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x86-based versions of Windows Server 2008
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Cryptsvc.dll |
6.0.6002.18553 |
130,048 |
19-Dec-2011 |
15:54 |
x86 |
|
Cryptsvc.dll |
6.0.6002.22758 |
132,096 |
19-Dec-2011 |
16:05 |
x86 |
For all supported x64-based versions of Windows Server 2008
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Cryptsvc.dll |
6.0.6002.18553 |
167,936 |
19-Dec-2011 |
16:33 |
x64 |
|
Cryptsvc.dll |
6.0.6002.22758 |
171,008 |
19-Dec-2011 |
16:20 |
x64 |
|
Cryptsvc.dll |
6.0.6002.18553 |
130,048 |
19-Dec-2011 |
15:54 |
x86 |
|
Cryptsvc.dll |
6.0.6002.22758 |
132,096 |
19-Dec-2011 |
16:05 |
x86 |
Windows Server 2008 R2 file information notes
-
The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
Version
Product
SR_Level
Service branch
6.1.760 0. 16xxx
Windows Server 2008 R2
RTM
GDR
6.1.760 0. 21xxx
Windows Server 2008 R2
RTM
LDR
6.1.760 1. 17xxx
Windows Server 2008 R2
SP1
GDR
6.1.760 1. 21xxx
Windows Server 2008 R2
SP1
LDR
-
GDR service branches contain only those fixes that are widely released to address widespread, extremely important issues. LDR service branches contain hotfixes in addition to widely released fixes.
-
The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2008 R2" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are extremely important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x64-based versions of Windows Server 2008 R2
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Cryptsvc.dll |
6.1.7600.16932 |
176,128 |
20-Dec-2011 |
06:28 |
x64 |
|
Cryptsvc.dll |
6.1.7600.21110 |
177,664 |
20-Dec-2011 |
06:26 |
x64 |
|
Cryptsvc.dll |
6.1.7601.17746 |
177,664 |
20-Dec-2011 |
06:42 |
x64 |
|
Cryptsvc.dll |
6.1.7601.21880 |
177,664 |
20-Dec-2011 |
06:16 |
x64 |
|
Cryptsvc.dll |
6.1.7600.16932 |
136,192 |
20-Dec-2011 |
05:44 |
x86 |
|
Cryptsvc.dll |
6.1.7600.21110 |
137,216 |
20-Dec-2011 |
05:34 |
x86 |
|
Cryptsvc.dll |
6.1.7601.17746 |
136,704 |
20-Dec-2011 |
05:35 |
x86 |
|
Cryptsvc.dll |
6.1.7601.21880 |
136,704 |
20-Dec-2011 |
07:00 |
x86 |
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
To work around the issue, use one of the following methods:
-
At a command prompt on the certification authority, perform a full CA backup by using the certutil –backupKey destination folder command. You are prompted for a password to assign to the CA key p12 file.
-
By using the Certification Authority Administrative Tool, right-click the CA, point to All Tasks, and then click Backup CA. The wizard prompts you to select the private key that you want to back up, and then it prompts you to create a password to assign to the key.
Additional file information
Additional file information for Windows Server 2008
Additional files for all supported x86-based versions of Windows Server 2008
|
File name |
Update-bf.mum |
|
File version |
Not Applicable |
|
File size |
3,011 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
05:41 |
|
Platform |
Not Applicable |
|
File name |
Update.mum |
|
File version |
Not Applicable |
|
File size |
3,078 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
05:40 |
|
Platform |
Not Applicable |
|
File name |
X86_753ab6e75f481b0d3cf95da3d5973821_31bf3856ad364e35_6.0.6002.18553_none_e876129d550f9a0e.manifest |
|
File version |
Not Applicable |
|
File size |
700 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
05:40 |
|
Platform |
Not Applicable |
|
File name |
X86_91ee1603da3b46d374e756d952864d25_31bf3856ad364e35_6.0.6002.22758_none_6fa06d475e3ea7e9.manifest |
|
File version |
Not Applicable |
|
File size |
700 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
05:40 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18553_none_77b30bbe981b63ff.manifest |
|
File version |
Not Applicable |
|
File size |
7,489 |
|
Date (UTC) |
19-Dec-2011 |
|
Time (UTC) |
16:18 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22758_none_7841abe1b1347fa3.manifest |
|
File version |
Not Applicable |
|
File size |
7,489 |
|
Date (UTC) |
19-Dec-2011 |
|
Time (UTC) |
16:28 |
|
Platform |
Not Applicable |
Additional files for all supported x64-based versions of Windows Server 2008
|
File name |
Amd64_3334123462a7d40d945371572da392cc_31bf3856ad364e35_6.0.6002.18553_none_cce473565e6ef072.manifest |
|
File version |
Not Applicable |
|
File size |
1,048 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
05:40 |
|
Platform |
Not Applicable |
|
File name |
Amd64_cdd76e897d054bf59b597c93cc8cc7e1_31bf3856ad364e35_6.0.6002.22758_none_961c989222682c78.manifest |
|
File version |
Not Applicable |
|
File size |
1,048 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
05:40 |
|
Platform |
Not Applicable |
|
File name |
Amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18553_none_d3d1a7425078d535.manifest |
|
File version |
Not Applicable |
|
File size |
7,523 |
|
Date (UTC) |
19-Dec-2011 |
|
Time (UTC) |
16:59 |
|
Platform |
Not Applicable |
|
File name |
Amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22758_none_d46047656991f0d9.manifest |
|
File version |
Not Applicable |
|
File size |
7,523 |
|
Date (UTC) |
19-Dec-2011 |
|
Time (UTC) |
16:41 |
|
Platform |
Not Applicable |
|
File name |
Update-bf.mum |
|
File version |
Not Applicable |
|
File size |
3,035 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
05:41 |
|
Platform |
Not Applicable |
|
File name |
Update.mum |
|
File version |
Not Applicable |
|
File size |
3,102 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
05:40 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18553_none_77b30bbe981b63ff.manifest |
|
File version |
Not Applicable |
|
File size |
7,489 |
|
Date (UTC) |
19-Dec-2011 |
|
Time (UTC) |
16:18 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22758_none_7841abe1b1347fa3.manifest |
|
File version |
Not Applicable |
|
File size |
7,489 |
|
Date (UTC) |
19-Dec-2011 |
|
Time (UTC) |
16:28 |
|
Platform |
Not Applicable |
Additional file information for Windows Server 2008 R2
Additional files for all supported x64-based versions of Windows Server 2008 R2
|
File name |
Amd64_50fb6535581c2c8eef32a17116303d95_31bf3856ad364e35_6.1.7601.21880_none_5467d6f3c32663b7.manifest |
|
File version |
Not Applicable |
|
File size |
702 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_5cfac1d91f38c5b3ce6bd03700df1f8f_31bf3856ad364e35_6.1.7600.16932_none_5a30150255630738.manifest |
|
File version |
Not Applicable |
|
File size |
702 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_7314fdbb749f2899eebead77eb8abb55_31bf3856ad364e35_6.1.7600.21110_none_390b09ca6cb9dd03.manifest |
|
File version |
Not Applicable |
|
File size |
704 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_7c1148cda10a17f12c2909be7733a8a3_31bf3856ad364e35_6.1.7600.16932_none_10219ac9f9cbe470.manifest |
|
File version |
Not Applicable |
|
File size |
704 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_8915ea29997160c17721555ce4ec3ed8_31bf3856ad364e35_6.1.7601.21880_none_0730b04b0a20d01b.manifest |
|
File version |
Not Applicable |
|
File size |
704 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_8a95dd5b41f48493ed341cce9979eab8_31bf3856ad364e35_6.1.7601.17746_none_57de0256824d3362.manifest |
|
File version |
Not Applicable |
|
File size |
704 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_907c8e88f8ce815a3e930c87223d157d_31bf3856ad364e35_6.1.7600.21110_none_4afe452d78d6e697.manifest |
|
File version |
Not Applicable |
|
File size |
702 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_97c377e5b7b89bb6d232021fa6b98536_31bf3856ad364e35_6.1.7600.21110_none_e894f5957c32e5b8.manifest |
|
File version |
Not Applicable |
|
File size |
1,048 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_ba68d6e1b50b4d87e95ad29a735a179b_31bf3856ad364e35_6.1.7601.17746_none_2d32d75398dd81ef.manifest |
|
File version |
Not Applicable |
|
File size |
1,048 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_c05e046acc01d12ac584e9eab22c1428_31bf3856ad364e35_6.1.7601.17746_none_a1bac12d53e98bfa.manifest |
|
File version |
Not Applicable |
|
File size |
702 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_ced66bb488209af9e4d8d27d9e01e9be_31bf3856ad364e35_6.1.7601.21880_none_bbfe332766699cb8.manifest |
|
File version |
Not Applicable |
|
File size |
1,048 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_e59f8098c1d4b5d59d3e50c928ab3de8_31bf3856ad364e35_6.1.7600.16932_none_0b3b8734050e67cb.manifest |
|
File version |
Not Applicable |
|
File size |
1,048 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16932_none_d227a52db45a6bc0.manifest |
|
File version |
Not Applicable |
|
File size |
2,393 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
07:14 |
|
Platform |
Not Applicable |
|
File name |
Amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21110_none_d2c4b95ecd69d43c.manifest |
|
File version |
Not Applicable |
|
File size |
2,393 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
07:04 |
|
Platform |
Not Applicable |
|
File name |
Amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17746_none_d407336fb18558f9.manifest |
|
File version |
Not Applicable |
|
File size |
2,393 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
07:21 |
|
Platform |
Not Applicable |
|
File name |
Amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21880_none_d45f8ececac8d07d.manifest |
|
File version |
Not Applicable |
|
File size |
2,393 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
08:13 |
|
Platform |
Not Applicable |
|
File name |
Update-bf.mum |
|
File version |
Not Applicable |
|
File size |
3,981 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
Update.mum |
|
File version |
Not Applicable |
|
File size |
4,059 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
18:32 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16932_none_760909a9fbfcfa8a.manifest |
|
File version |
Not Applicable |
|
File size |
2,389 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
06:19 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21110_none_76a61ddb150c6306.manifest |
|
File version |
Not Applicable |
|
File size |
2,389 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
06:11 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17746_none_77e897ebf927e7c3.manifest |
|
File version |
Not Applicable |
|
File size |
2,389 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
06:13 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21880_none_7840f34b126b5f47.manifest |
|
File version |
Not Applicable |
|
File size |
2,389 |
|
Date (UTC) |
20-Dec-2011 |
|
Time (UTC) |
07:39 |
|
Platform |
Not Applicable |
