Article ID: 970402 - Last Review: October 30, 2009 - Revision: 2.1

A hotfix is available that enables certificate mapping by using the common name (CN) of only the "Subject" field in Windows Server 2008

Hotfix download is availableHotfix Download Available
View and request hotfix downloads
View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

On This Page

Expand all | Collapse all

SUMMARY

Windows Server 2008 handles the certificate mapping by using the common name (CN) of the "Issuer" field of a certificate. This behavior is by design and could not be changed by a user.

This hotfix introduces a new feature for Windows Server 2008. The new feature enables Windows Server 2008 to handle the certificate mapping by using the CN of only the "Subject" field. The new feature is added in the authentication module in Windows Server 2008.
Back to the top

MORE INFORMATION

You must install this hotfix on all domain controllers. After you install this hotfix, you must follow these steps on one of the domain controllers to enable this feature for one or more users:
  1. On the domain controller, open the "Active Directory Users and Computers" snap-in.
  2. In the "Active Directory Users and Computers" window, click Advanced Features on the View menu.
  3. Expand DomainName, and then click Users.
    Note DomainName represents the fully qualified domain name (FQDN) of the domain.
  4. Double-click a user to enable this feature for that user.
  5. In the Properties dialog box, click the Attribute Editor tab.
  6. On the Attribute Editor tab, double-click the altSecurityIdentities attribute.
  7. In the Multi-valued String Editor dialog box, type the following value under Value to add, and then click Add: X509N:<S>CN=CertificateSubjectName
    Note CertificateSubjectName represents the CN of the "Subject" field of the user certificate.
  8. Click OK two times.
  9. Repeat step 4 through step 8 as required if you want to enable this feature for other users.
Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the “Hotfix Request” page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.
Back to the top

Prerequisites

To apply this hotfix, the computer must be running one of the following operating systems:
  • Windows Server 2008
  • Windows Server 2008 Service Pack 2 (SP2)
Back to the top

Restart requirement

You must restart the computer after you apply this hotfix.
Back to the top

Hotfix replacement information

This hotfix does not replace any other hotfix.
Back to the top

File information

The global version of this hotfix has the file attributes (or later file attributes) that are listed in the following table.

Windows Server 2008 file information note

  • The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
    Collapse this tableExpand this table
    VersionProductSR_LevelService branch
    6.0.600 1 . 18xxxWindows Server 2008SP1GDR
    6.0.600 1 . 22xxxWindows Server 2008SP1LDR
    6.0.600 2 . 18xxxWindows Server 2008SP2GDR
    6.0.600 2 . 22xxxWindows Server 2008SP2LDR
  • Service Pack 1 is integrated into the original release of Windows Server 2008.
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature.
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For all supported x86-based versions of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Kdcsvc.dll6.0.6001.22498312,83217-Aug-200912:29x86
Kdcsvc.mofNot applicable5,30001-Apr-200919:14Not applicable
Kdcsvc.dll6.0.6002.22201312,83217-Aug-200911:59x86
Kdcsvc.mofNot applicable5,30003-Apr-200921:47Not applicable
Kerberos.dll6.0.6001.22498500,22417-Aug-200912:29x86
Kerberos.dll6.0.6002.22201500,73617-Aug-200911:59x86
Schannel.dll6.0.6001.22498271,36017-Aug-200912:31x86
Schannel.dll6.0.6002.22201271,87217-Aug-200912:01x86

For all supported x64-based versions of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Kdcsvc.dll6.0.6001.22498406,01617-Aug-200912:13x64
Kdcsvc.mofNot applicable5,30001-Apr-200916:43Not applicable
Kdcsvc.dll6.0.6002.22201406,01617-Aug-200912:19x64
Kdcsvc.mofNot applicable5,30003-Apr-200921:07Not applicable
Kerberos.dll6.0.6001.22498658,94417-Aug-200912:13x64
Kerberos.dll6.0.6002.22201658,94417-Aug-200912:19x64
Schannel.dll6.0.6001.22498339,45617-Aug-200912:15x64
Schannel.dll6.0.6002.22201338,94417-Aug-200912:21x64
Kerberos.dll6.0.6001.22498500,22417-Aug-200912:29x86
Kerberos.dll6.0.6002.22201500,73617-Aug-200911:59x86
Schannel.dll6.0.6001.22498271,36017-Aug-200912:31x86
Schannel.dll6.0.6002.22201271,87217-Aug-200912:01x86

For all supported Itanium-based versions of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Kerberos.dll6.0.6001.224981,395,71217-Aug-200912:13IA-64
Kerberos.dll6.0.6002.222011,395,71217-Aug-200913:28IA-64
Schannel.dll6.0.6001.22498790,01617-Aug-200912:15IA-64
Schannel.dll6.0.6002.22201790,01617-Aug-200913:30IA-64
Kerberos.dll6.0.6001.22498500,22417-Aug-200912:29x86
Kerberos.dll6.0.6002.22201500,73617-Aug-200911:59x86
Schannel.dll6.0.6001.22498271,36017-Aug-200912:31x86
Schannel.dll6.0.6002.22201271,87217-Aug-200912:01x86
Back to the top
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base: -
824684  (http://support.microsoft.com/kb/824684/ ) Description of the standard terminology that is used to describe Microsoft software updates
Back to the top

Additional file information for Windows Server 2008

Additional files for all supported x86-based versions of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Package_for_kb970402_client_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,36718-Aug-200905:50Not applicable
Package_for_kb970402_client_2~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,69418-Aug-200905:50Not applicable
Package_for_kb970402_client~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,71318-Aug-200905:50Not applicable
Package_for_kb970402_sc_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,92618-Aug-200905:50Not applicable
Package_for_kb970402_sc_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable2,29318-Aug-200905:50Not applicable
Package_for_kb970402_sc~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,70118-Aug-200905:50Not applicable
Package_for_kb970402_server_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,92318-Aug-200905:50Not applicable
Package_for_kb970402_server_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable2,29518-Aug-200905:50Not applicable
Package_for_kb970402_server~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,71318-Aug-200905:50Not applicable
Package_for_kb970402_winpesrv_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,42218-Aug-200905:50Not applicable
Package_for_kb970402_winpesrv~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,43018-Aug-200905:50Not applicable
X86_microsoft-windows-k..distribution-center_31bf3856ad364e35_6.0.6001.22498_none_8be81dd1ada0405c.manifestNot applicable42,27617-Aug-200914:22Not applicable
X86_microsoft-windows-k..distribution-center_31bf3856ad364e35_6.0.6002.22201_none_8e28dee5aa83e5cd.manifestNot applicable42,27617-Aug-200913:39Not applicable
X86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22498_none_e70732acca2ced68.manifestNot applicable38,32617-Aug-200914:25Not applicable
X86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22201_none_e947f3c0c71092d9.manifestNot applicable38,32617-Aug-200913:40Not applicable
X86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22498_none_2246a08f6ea23431.manifestNot applicable18,09017-Aug-200914:26Not applicable
X86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22201_none_248761a36b85d9a2.manifestNot applicable18,09017-Aug-200913:40Not applicable

Additional files for all supported x64-based versions of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Amd64_microsoft-windows-k..distribution-center_31bf3856ad364e35_6.0.6001.22498_none_e806b95565fdb192.manifestNot applicable42,32017-Aug-200913:58Not applicable
Amd64_microsoft-windows-k..distribution-center_31bf3856ad364e35_6.0.6002.22201_none_ea477a6962e15703.manifestNot applicable42,32017-Aug-200913:57Not applicable
Amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22498_none_4325ce30828a5e9e.manifestNot applicable38,36217-Aug-200913:59Not applicable
Amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22201_none_45668f447f6e040f.manifestNot applicable38,36217-Aug-200913:58Not applicable
Amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22498_none_7e653c1326ffa567.manifestNot applicable18,12017-Aug-200914:00Not applicable
Amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22201_none_80a5fd2723e34ad8.manifestNot applicable18,12017-Aug-200913:59Not applicable
Package_for_kb970402_client_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,37518-Aug-200905:50Not applicable
Package_for_kb970402_client_2~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,70618-Aug-200905:50Not applicable
Package_for_kb970402_client~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,72318-Aug-200905:50Not applicable
Package_for_kb970402_sc_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,93818-Aug-200905:50Not applicable
Package_for_kb970402_sc_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable2,31118-Aug-200905:50Not applicable
Package_for_kb970402_sc~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,71118-Aug-200905:50Not applicable
Package_for_kb970402_server_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,93518-Aug-200905:50Not applicable
Package_for_kb970402_server_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable2,31318-Aug-200905:50Not applicable
Package_for_kb970402_server~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,72318-Aug-200905:50Not applicable
Package_for_kb970402_winpesrv_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,43018-Aug-200905:50Not applicable
Package_for_kb970402_winpesrv~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,43818-Aug-200905:50Not applicable
Wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22498_none_4d7a7882b6eb2099.manifestNot applicable38,93917-Aug-200914:16Not applicable
Wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22201_none_4fbb3996b3cec60a.manifestNot applicable38,93917-Aug-200913:33Not applicable
Wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22498_none_88b9e6655b606762.manifestNot applicable17,55717-Aug-200914:16Not applicable
Wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22201_none_8afaa77958440cd3.manifestNot applicable17,55717-Aug-200913:34Not applicable

Additional files for all supported Itanium-based versions of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Ia64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22498_none_e708d6a2ca2af664.manifestNot applicable38,34417-Aug-200913:44Not applicable
Ia64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22201_none_e94997b6c70e9bd5.manifestNot applicable38,34417-Aug-200914:51Not applicable
Ia64_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22498_none_224844856ea03d2d.manifestNot applicable18,10517-Aug-200913:45Not applicable
Ia64_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22201_none_248905996b83e29e.manifestNot applicable18,10517-Aug-200914:52Not applicable
Package_for_kb970402_sc_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,42518-Aug-200905:50Not applicable
Package_for_kb970402_sc_1~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,53018-Aug-200905:50Not applicable
Package_for_kb970402_sc~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,70618-Aug-200905:50Not applicable
Package_for_kb970402_server_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,42918-Aug-200905:50Not applicable
Package_for_kb970402_server_1~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,53418-Aug-200905:50Not applicable
Package_for_kb970402_server~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,71818-Aug-200905:50Not applicable
Package_for_kb970402_winpesrv_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,42618-Aug-200905:50Not applicable
Package_for_kb970402_winpesrv~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,43418-Aug-200905:50Not applicable
Wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22498_none_4d7a7882b6eb2099.manifestNot applicable38,93917-Aug-200914:16Not applicable
Wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22201_none_4fbb3996b3cec60a.manifestNot applicable38,93917-Aug-200913:33Not applicable
Wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22498_none_88b9e6655b606762.manifestNot applicable17,55717-Aug-200914:16Not applicable
Wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22201_none_8afaa77958440cd3.manifestNot applicable17,55717-Aug-200913:34Not applicable
Back to the top
APPLIES TO
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
Back to the top
Keywords: 
kbfix kbqfe kbsurveynew kbexpertiseadvanced kbhotfixserver kbautohotfix KB970402
Back to the top