Roaming Profiles Cannot Create Key Containers

Article translations Article translations
Article ID: 265357 - View products that this article applies to.
This article was previously published under Q265357
Expand all | Collapse all

SYMPTOMS

If you are using a roaming user profile and the "Delete roaming profile cache" policy is in use, the CryptAcquireContext call does not succeed and returns an "NTE_TEMPORARY_PROFILE" error message.

This problem becomes apparent when a user requests a certificate using either the Certificate Services web pages or the Certificates MMC snap-in.

The Certificate Services Web pages will return the following error:
An error occurred while creating the certificate request. Please verify that your CSP supports any settings you have made and that your input is valid.

Suggested cause:
No suggestion.

Error: 0x080090024 - (unknown)
The Certificates MMC snap-in will return the following error:
The certificate request cannot be created. The profile for the user is a temporary profile.

CAUSE

In this instance, Windows 2000 does not properly account for PT_ROAMING being returned from GetProfileType.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English version of this fix should have the following file attributes or later:
   Date        Time     Version        Size     File name
   --------------------------------------------------------
   07/11/2000  01:54pm  5.0.2195.2101  131,856  Rsabase.dll
				

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.

MORE INFORMATION

For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:
249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes

This error also occurs if the user is a member of the Guests or Domain Guests group, but this is by design. Certificates and the associated private keys are stored in a secured location in the user's profile. If the user is a member of the Guests or Domain Guests groups, then the system marks the profile as temporary which means it will be deleted when the user logs off. Windows 2000 will not allow you to save a private key to a temporary profile because it will not persist from logon session to logon session.

Properties

Article ID: 265357 - Last Review: February 20, 2007 - Revision: 3.3
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
Keywords: 
kbhotfixserver kbqfe kbbug kbfix kbwin2000presp2fix KB265357

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com