Article ID: 324377 - Last Review: October 11, 2005 - Revision: 3.5
Cannot Use Domain Local Groups for Active Directory Certificate Mapping
This article was previously published under Q324377
SYMPTOMS
When you use directory service certificate mapping to authenticate the users with a client certificate in Microsoft Internet Information Services (IIS), the user may receive an access denied error, although the access rights are set up correctly. This only occurs with the following configuration:
RESOLUTION
Service Pack Information
To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 (http://support.microsoft.com/kb/260910/EN-US/) How to Obtain the Latest Windows 2000 Service Pack
Hotfix Information
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note: If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: http://support.microsoft.com/contactus/?ws=support
Note: The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name
--------------------------------------------------------------
16-Jul-2002 10:39 5.0.2195.5781 123,664 Adsldp.dll
16-Jul-2002 10:39 5.0.2195.5781 131,344 Adsldpc.dll
16-Jul-2002 10:39 5.0.2195.5781 62,736 Adsmsext.dll
16-Jul-2002 10:39 5.0.2195.5940 358,160 Advapi32.dll
16-Jul-2002 10:39 5.0.2195.5265 42,256 Basesrv.dll
16-Jul-2002 10:39 5.0.2195.5855 49,424 Browser.dll
16-Jul-2002 10:39 5.0.2195.5943 135,952 Dnsapi.dll
16-Jul-2002 10:39 5.0.2195.5595 96,016 Dnsrslvr.dll
16-Jul-2002 10:39 5.0.2195.5722 45,328 Eventlog.dll
16-Jul-2002 10:39 5.0.2195.5907 222,992 Gdi32.dll
16-Jul-2002 10:39 5.0.2195.5859 145,680 Kdcsvc.dll
04-Jun-2002 12:31 5.0.2195.5859 199,952 Kerberos.dll
16-Jul-2002 10:39 5.0.2195.4928 708,880 Kernel32.dll
15-Jul-2002 06:52 5.0.2195.5940 71,024 Ksecdd.sys
15-Jul-2002 06:52 5.0.2195.5940 507,152 Lsasrv.dll
15-Jul-2002 06:52 5.0.2195.5940 33,552 Lsass.exe
16-Jul-2002 10:39 5.0.2195.4733 332,560 Msgina.dll
04-Jun-2002 12:31 5.0.2195.5859 107,792 Msv1_0.dll
16-Jul-2002 10:39 5.0.2195.5877 307,472 Netapi32.dll
16-Jul-2002 10:39 5.0.2195.5932 360,208 Netlogon.dll
16-Jul-2002 10:39 5.0.2195.5886 917,264 Ntdsa.dll
16-Jul-2002 10:39 5.0.2195.5585 386,832 Samsrv.dll
16-Jul-2002 10:39 5.0.2195.5837 128,784 Scecli.dll
16-Jul-2002 10:39 5.0.2195.5921 300,304 Scesrv.dll
15-Jul-2002 06:31 5.1.2195.0 146,192 Schannel.dll
08-Jul-2002 13:43 5.0.2195.5934 64,000 Sp3res.dll
21-Jun-2002 08:09 5.2.2.10 3,584 Spmsg.dll
21-Jun-2002 08:10 5.2.2.10 44,544 Spuninst.exe
12-Jun-2001 20:05 5.0.2195.3727 3,856 Svcpack1.dll
16-Jul-2002 10:39 5.0.2195.5931 379,664 User32.dll
16-Jul-2002 10:39 5.0.2195.5644 369,936 Userenv.dll
16-Jul-2002 10:39 5.0.2195.5859 48,912 W32time.dll
04-Jun-2002 12:32 5.0.2195.5859 57,104 W32tm.exe
03-Jul-2002 15:41 5.0.2195.5929 1,642,384 Win32k.sys
03-May-2002 09:31 5.0.2195.5731 178,960 Winlogon.exe
16-Jul-2002 10:39 5.0.2195.5935 243,472 Winsrv.dll
16-Jul-2002 10:39 5.0.2195.5904 125,712 Wldap32.dll
15-Jul-2002 06:52 5.0.2195.5940 507,152 Lsasrv.dll
15-Jul-2002 06:31 5.1.2195.0 146,192 Schannel.dll
16-Jul-2002 10:39 5.0.2195.4928 708,880 Kernel32.dll
16-Jul-2002 10:39 5.0.2195.5929 1,642,384 Win32k.sys
16-Jul-2002 10:39 5.0.2195.5935 243,472 Winsrv.dll
21-Jun-2002 08:10 5.2.2.10 10,240 Spcustom.dll
Note that this hotfix must be installed on the domain controllers.
WORKAROUND
Grant the access rights directly to the Domain Global Group.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Windows 2000 Service Pack 4.
MORE INFORMATION
For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:
265173 (http://support.microsoft.com/kb/265173/EN-US/) The Datacenter Program and Windows 2000 Datacenter Server Product
For additional information about how to install multiple hotfixes with only one reboot, click the article number below to view the article in the Microsoft Knowledge Base:
296861 (http://support.microsoft.com/kb/296861/EN-US/) Use QChain.exe to Install Multiple Hotfixes with One Reboot
