Article ID: 884115 - View products that this article applies to.
When you connect to a computer that is running Microsoft Windows Server 2003 and Microsoft Internet Information Services (IIS) 6.0, you may receive the following error message after you select a certificate:
403.13 Client Certificate Revoked
You may receive this error message if mutual authentication is enabled.
This problem occurs because of a certificate revocation list (CRL) retrieval timeout. Windows Server 2003 introduces new Microsoft Cryptography API (CAPI) behavior regarding network timeouts. This change was first made to address the problem of long delays that occur because of CAPI blocking during CRL retrievals when the target URL is inaccessible.
In Windows Server 2003, the default timeout is set to 15 seconds. Windows Server 2003 includes a feature that retries the download on a background thread with a default timeout of 60 seconds. CRLs that reside on a Lightweight Directory Access Protocol (LDAP) URL may be particularly affected because of reduced throughput.
To work around this problem, manually download the CRL, and then install it to the local computer certificate store.
Note Because the CRL is valid only for a limited time, you must retrieve a new CRL periodically.
To install a CRL to the local computer certificate store, follow these steps:
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Windows Server 2003 Service Pack 1 (SP1) is scheduled to include configurable timeout settings that are similar to those that are documented in the following article in the Microsoft Knowledge Base:
841632For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/841632/ )You receive the "403.13 client certificate revoked" error message after you install the MS04-11 security update
(http://support.microsoft.com/kb/841641/ )IIS returns a "403.13 Client Certificate Revoked" error message after you install MS04-011 because of Wininet proxy settings
(http://support.microsoft.com/kb/841642/ )Errors with client certificates occur after you install the MS04-011 security update on an IIS 5.0 computer
Article ID: 884115 - Last Review: December 3, 2007 - Revision: 1.4