SCEP certificates are stored incorrectly when no TPM is present on a Windows 8.1-based device

Article translations Article translations
Article ID: 2948462 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Consider the following scenario:
  • You deploy certificates to be used for client authentications on network services such as VPN and Wi-Fi. 
  • You provision a Simple Certificate Enrollment Protocol (SCEP) profile on a Windows 8.1-based device.
  • You set to store certificates only with a trusted platform module (TPM) key storage provider (KSP) by using the SCEP profile.
In this scenario, the certificate enrollment should only proceed if a TPM is present on the device. However, when there is no TPM present, the certificate is still successfully enrolled, and the certificates that are provisioned to the device are stored in the KSP unexpectedly.

Resolution

To resolve this issue, install update 2919355. For more information about how to obtain update 2919355, click the following article number to view the article in the Microsoft Knowledge Base:
2919355 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update April, 2014

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2948462 - Last Review: April 8, 2014 - Revision: 1.0
Applies to
  • Windows 8.1 Enterprise
  • Windows 8.1
  • Windows 8.1 RTM
  • Windows 8.1 Pro
  • Windows RT 8.1
  • Windows Server 2012 R2 Datacenter
  • Windows Server 2012 R2 Essentials
  • Windows Server 2012 R2 Foundation
  • Windows Server 2012 R2 Standard
Keywords: 
kbqfe kbfix kbsurveynew kbexpertiseadvanced KB2948462

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com