Roaming Profiles Cannot Create Key Containers

This article was previously published under Q265357
This article has been archived. It is offered "as is" and will no longer be updated.
If you are using a roaming user profile and the "Delete roaming profile cache" policy is in use, the CryptAcquireContext call does not succeed and returns an "NTE_TEMPORARY_PROFILE" error message.

This problem becomes apparent when a user requests a certificate using either the Certificate Services web pages or the Certificates MMC snap-in.

The Certificate Services Web pages will return the following error:
An error occurred while creating the certificate request. Please verify that your CSP supports any settings you have made and that your input is valid.

Suggested cause:
No suggestion.

Error: 0x080090024 - (unknown)

The Certificates MMC snap-in will return the following error:
The certificate request cannot be created. The profile for the user is a temporary profile.

In this instance, Windows 2000 does not properly account for PT_ROAMING being returned from GetProfileType.
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English version of this fix should have the following file attributes or later:
   Date        Time     Version        Size     File name
   --------------------------------------------------------
   07/11/2000  01:54pm  5.0.2195.2101  131,856  Rsabase.dll

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.
For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:
249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes

This error also occurs if the user is a member of the Guests or Domain Guests group, but this is by design. Certificates and the associated private keys are stored in a secured location in the user's profile. If the user is a member of the Guests or Domain Guests groups, the system marks the profile as temporary, which means it will be deleted when the user logs off. Windows 2000 will not allow you to save a private key to a temporary profile because the key would not persist from logon session to logon session.
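The following diagnostic is an added example, not code from this article or from Microsoft. It calls GetProfileType, attempts CryptAcquireContext with CRYPT_NEWKEYSET, and separates the by-design temporary-profile failure from the roaming-profile failure described above. The probe container name and the mapping of profile flags to the two cases are assumptions.

```c
/* Added example: triage NTE_TEMPORARY_PROFILE returned by CryptAcquireContext. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#include <userenv.h>              /* link with userenv.lib and advapi32.lib */
#else                             /* constants copied from the SDK headers so */
typedef unsigned int DWORD;       /* the decision logic also builds off Windows */
#define PT_TEMPORARY 0x00000001
#define PT_ROAMING   0x00000002
#define NTE_TEMPORARY_PROFILE 0x80090024
#endif

enum verdict { KEYSET_OK, TEMP_BY_DESIGN, ROAMING_NEEDS_FIX, OTHER_ERROR };

/* Assumption: a Guests-style temporary profile reports PT_TEMPORARY, while the
   roaming case in this article reports PT_ROAMING without it. */
enum verdict classify(DWORD profile_flags, DWORD err)
{
    if (err == 0) return KEYSET_OK;
    if (err != (DWORD)NTE_TEMPORARY_PROFILE) return OTHER_ERROR;
    if (profile_flags & PT_TEMPORARY) return TEMP_BY_DESIGN;    /* Guests / Domain Guests */
    if (profile_flags & PT_ROAMING)   return ROAMING_NEEDS_FIX; /* Rsabase.dll predates the fix */
    return OTHER_ERROR;
}

#ifdef _WIN32
int main(void)
{
    static const char *msg[] = { "key container created", "temporary profile (by design)",
        "roaming profile: apply the service pack / Rsabase.dll fix", "unrelated failure" };
    const char *name = "kb265357-probe";   /* hypothetical throwaway container name */
    DWORD flags = 0, err = 0;
    HCRYPTPROV h = 0;
    enum verdict v;

    if (!GetProfileType(&flags)) { printf("GetProfileType failed: %lu\n", GetLastError()); return 2; }
    if (CryptAcquireContextA(&h, name, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
        CryptReleaseContext(h, 0);
        CryptAcquireContextA(&h, name, NULL, PROV_RSA_FULL, CRYPT_DELETEKEYSET); /* remove probe */
    } else {
        err = GetLastError();
    }
    v = classify(flags, err);
    printf("profile flags 0x%lx, error 0x%08lx: %s\n", flags, err, msg[v]);
    return v == KEYSET_OK ? 0 : 1;
}
#endif
```

Run it in the affected user's logon session, since both the profile type and the key container location are per-user.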

Article ID: 265357 - Last Review: 12/05/2015 20:39:24 - Revision: 3.3

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition
