Article ID: 891308 - Last Review: October 26, 2006 - Revision: 1.5

Certificates and their associated private keys are not available when a user who has a roaming user profile uses a Windows 2000-based computer to log on to the network

Hotfix download is availableHotfix Download Available
View and request hotfix downloads
View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

On This Page

Expand all | Collapse all

SYMPTOMS

Consider the following network environment:
  • The network contains client computers that are running Microsoft Windows 2000 and client computers that are running Microsoft Windows XP Professional.
  • The users on the network have roaming user profiles.
In this environment, when a user uses a Windows 2000-based computer to log on to the network, certificates and their associated private keys are not available. When the same user uses a Windows XP-based computer to log on to the network, certificates and their associated private keys are available.

Note This problem may affect any program or feature that uses the CryptoAPI system to manage certificates and keys. For example, this problem may affect Microsoft Office, Microsoft Internet Explorer, or the Encrypting File System (EFS).
Back to the top

CAUSE

This problem occurs because Microsoft Windows XP and later versions of Windows use an iterative encryption scheme to encrypt master keys. Windows 2000 uses a non-iterative encryption scheme. Therefore, a Windows 2000-based computer cannot recognize keys that are encrypted on a Windows XP-based computer.
Back to the top

RESOLUTION

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must have Windows 2000 Service Pack 3 installed on your computer.

Restart requirement

You must restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. 
   Date         Time   Version            Size    File name
   -----------------------------------------------------------
   24-Mar-2004  02:17  5.0.2195.6876     388,368  Advapi32.dll
   17-Jun-2004  23:05  5.0.2195.6951      46,352  Basesrv.dll
   24-Mar-2004  02:17  5.0.2195.6866      69,904  Browser.dll
   21-Sep-2003  00:45  5.0.2195.6824     236,304  Cmd.exe
   24-Mar-2004  02:17  5.131.2195.6824   543,504  Crypt32.dll
   24-Mar-2004  02:17  5.131.2195.6824    61,200  Cryptnet.dll
   24-Mar-2004  02:17  5.0.2195.6868      76,048  Cryptsvc.dll
   24-Mar-2004  02:17  5.0.2195.6824     134,928  Dnsapi.dll
   24-Mar-2004  02:17  5.0.2195.6876      92,432  Dnsrslvr.dll
   24-Mar-2004  02:17  5.0.2195.6883      47,888  Eventlog.dll
   17-Jun-2004  23:05  5.0.2195.6945     231,184  Gdi32.dll
   24-Mar-2004  02:17  5.0.2195.6890     143,632  Kdcsvc.dll
   11-Mar-2004  02:37  5.0.2195.6903     210,192  Kerberos.dll
   17-Jun-2004  23:05  5.0.2195.6946     712,464  Kernel32.dll
   21-Sep-2003  00:32  5.0.2195.6824      71,888  Ksecdd.sys
   15-Oct-2004  15:16  5.0.2195.6987     513,296  Lsasrv.dll
   25-Feb-2004  23:59  5.0.2195.6902      33,552  Lsass.exe
   24-Mar-2004  02:17  5.0.2195.6898      37,136  Mf3216.dll
   24-Mar-2004  02:17  5.0.2195.6824      54,544  Mpr.dll
   17-Jun-2004  23:05  5.0.2195.6928     335,120  Msgina.dll
   11-Mar-2004  02:37  5.0.2195.6897     123,152  Msv1_0.dll
   10-Jun-2004  16:58  5.0.2195.6949     309,008  Netapi32.dll
   24-Mar-2004  02:17  5.0.2195.6891     371,472  Netlogon.dll
   24-Mar-2004  02:17  5.0.2195.6896   1,028,880  Ntdsa.dll
   14-Feb-2005  07:46  5.0.2195.7026     121,104  Psbase.dll
   24-Mar-2004  02:14  5.0.2195.6892      90,264  Rdpwd.sys
   24-Mar-2004  02:17  5.0.2195.6897     388,368  Samsrv.dll
   24-Mar-2004  02:17  5.0.2195.6893     111,376  Scecli.dll
   24-Mar-2004  02:17  5.0.2195.6903     253,200  Scesrv.dll
   07-Feb-2005  05:35  5.0.2195.7026   6,301,696  Sp3res.dll
   29-Dec-2004  09:14  5.0.2195.7017     380,688  User32.dll
   14-Feb-2005  07:46  5.0.2195.7029     396,048  Userenv.dll
   24-Mar-2004  02:17  5.0.2195.6824      50,960  W32time.dll
   21-Sep-2003  00:32  5.0.2195.6824      57,104  W32tm.exe
   24-Dec-2004  17:23  5.0.2195.7013   1,633,616  Win32k.sys
   11-Oct-2004  07:04  5.1.2600.1557     331,776  Winhttp.dll
   24-Aug-2004  22:59  5.0.2195.6970     182,544  Winlogon.exe
   17-Jun-2004  23:05  5.0.2195.6946     244,496  Winsrv.dll
   24-Mar-2004  02:17  5.131.2195.6824   167,184  Wintrust.dll
   17-Jun-2004  23:05  5.0.2195.6946     712,464  Kernel32.dll
   24-Dec-2004  17:23  5.0.2195.7013   1,633,616  Win32k.sys
   17-Jun-2004  23:05  5.0.2195.6946     244,496  Winsrv.dll
Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top

MORE INFORMATION

The encryption scheme was changed in Windows XP to help defend against dictionary-based password attacks.

For additional information about the new file naming schema for Microsoft Windows software update packages, click the following article number to view the article in the Microsoft Knowledge Base:
816915  (http://support.microsoft.com/kb/816915/ ) New file naming schema for Microsoft Windows software update packages
For additional information about the terminology that is used in this article, click the following article number to view the article in the Microsoft Knowledge Base:
824684  (http://support.microsoft.com/kb/824684/ ) Description of the standard terminology that is used to describe Microsoft software updates
Back to the top
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Advanced Server
Back to the top
Keywords: 
kbautohotfix kbbug kbfix kbwin2000presp5fix kbhotfixserver kbqfe KB891308
Back to the top