ActiveX Error Messages Using Certificate Enrollment Web Pages to Enroll a Smart Card in Internet Explorer
This article was previously published under Q330211
This article has been archived. It is offered "as is" and will no longer be updated.
You may receive the following error message after the "Downloading ActiveX Control" message appears in the progress bar when you try to use a Microsoft Windows Certificate Server to enroll a smart card:
The proper version of the ActiveX Control failed to download and install. You may not have sufficient permissions. Please ask your system administrator for assistance.When this occurs, you cannot continue to use the Smartcard Enrollment Station Web page (Certsces.asp).
This behavior occurs if the Microsoft Windows Certificate Server is not in the Trusted Sites zone in Internet Explorer.
When a client computer for which the updated control has not been applied tries to enroll with a Web server that has been updated, the Web server downloads the updated control to the client computer. This occurs if the Web server that hosts the Certificate Services Web enrollment pages is in the Trusted Sites zone in Internet Explorer and if you click Yes in the first warning message as indicated later in this article.
To work around this issue, add the Microsoft Windows Certificate Server computer to the Trusted Sites zone in Internet Explorer:
- In Internet Explorer, click Internet Options on the Tools menu.
- On the Security tab, click Trusted sites.
- Click Sites.
- In the Add this Web site to this zone box, type the address for the Microsoft Windows Certificate Server.If the Microsoft Windows Certificate Server (or your computer) is not configured to use SSL, click to clear the Require server verification (https:) for all sites in this zone check box.
- Click Add, and then click OK.
- Click OK.
An Active control on this page might be unsafe to interact with other parts of the page. Do you want to allow this interaction?Click Yes to continue to use the Smartcard Enrollment Station Web pages.
This behavior is by design.
You can use Microsoft Windows 2000-based and Microsoft Windows XP-based client computers in conjunction with the Web enrollment services pages on Microsoft Internet Information Services (IIS) and a Windows 2000 certification authority (CA) to enroll smart cards on behalf of other users. The Smartcard Enrollment station works through Internet Explorer on the client computer and IIS on the server that is hosting the CA Web enrollment pages. This is an optional component during CA installation. The new version of the Smartcard Enrollment control on an updated Web site is not marked "Safe for scripting." You must manually configure Internet Explorer to add the Web server computer that is hosting the Web enrollment pages to the list of trusted sites on the Security tab in Internet Explorer options. If you do not do so, the Smartcard Enrollment control is not downloaded and cannot be used.
After you apply this update to a client computer, the client cannot enroll with a Web server for which the update has not been applied. If you are using a client computer that has installed the fix, Web pages may stop responding, you may receive error messages that state that the ActiveX control could not be downloaded, or enrollment may not be successful. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
330389 Internet Explorer Stops Responding at "Downloading ActiveX Control" Message When You Try to Use a Certificate ServerNOTE: Even if a Web site has been updated and client enrollment is successful, you must update the client computer to remove this vulnerability. Netscape browsers do not use the Certificate Enrollment control to enroll with a Microsoft Windows Certificate Server. However, the client computers must be updated to remove this vulnerability.
Article ID: 330211 - Last Review: 12/07/2015 12:56:24 - Revision: 3.2
Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 5.0, Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 5.0, Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 5.0, Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 6.0
- kbnosurvey kbarchive kbprb KB330211