Article ID: 977203 - View products that this article applies to.
Consider the following scenario:
Failed to import the client certificate store (0x80092024) OSDSMPClient
This error occurs because an embedded NULL character is in the Friendly name property of a certificate. Security update 974571 prevents the action that imports the certificate when its Friendly name property has an embedded NULL character. Therefore, the certificate cannot be imported.
Important To resolve this issue, install this hotfix on all System Center Configuration Manager 2007 Service Pack 1 (SP1) site servers and on all System Center Configuration Manager 2007 Service Pack 2 (SP2) site servers. Then, deploy this hotfix to all clients.
This hotfix resolves this issue for any new client certificates that are generated. To correct the current certificates, run the CCMCertFix utility that is in this package on all the Configuration Manager SP1 clients and on all the Configuration Manager SP2 clients.
Note To extract CCMCertFix utility, follow these steps:
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
PrerequisitesTo apply this hotfix, System Center Configuration Manager 2007 Service Pack 1 (SP1) or System Center Configuration Manager 2007 Service Pack 2 (SP2) must be installed.
Restart requirementYou do not have to restart the computer after you apply this hotfix.
Hotfix replacement informationThis hotfix does not replace a previously released hotfix.
File informationThe English (United States) version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
System Center Configuration Manager 2007 SP1 file information
Collapse this tableExpand this table
System Center Configuration Manager 2007 SP2 file information
Collapse this tableExpand this table
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Client installation propertiesIf you specified a client push installation property when you installed the System Center Configuration Manager 2007 SP1 client or the System Center Configuration Manager 2007 SP2 client, you must specify the property again when you install the hotfix. If you do not specify the property again when you install the hotfix, the property is removed from the configuration. For example, if you modified the original installation by using the server locator point (SMSSLP) or the fallback status point (FSP) property, you must specify that property again when you install the hotfix.
How to use the CCMCertFix.exe utilityThe CCMCertFix utility is a command prompt utility that runs without options (switches). However, you must run it by using administrative rights. The CCMCertFix.exe file is installed at the following location:
sms root\logs\KB977203Note You can redirect errors to a specific log file. For example, assume the file name of the log file is CCMCertFix.log. In this scenario, you can run the following command:
Deployment information about CCMCertFix.exe utilityThe CCMCertFix utility can be distributed as a Configuration Manager program. For example, assume that you use the following settings to distribute the utility as a Configuration Manager program:
Note You must run the CCMCertFix utility by using administrative rights.
For more information about Security Update 974571, click the following article number to view the article in the Microsoft Knowledge Base:
974571For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/974571/ )MS09-056: Vulnerabilities in CryptoAPI could allow spoofing
824684The hotfix that is described in Microsoft Knowledge Base article 997384 supersedes and includes this hotfix. Therefore, this hotfix cannot be installed after that hotfix is installed. However, the CCMCertFix.exe utility is not included as part of that hotfix. To obtain the CCMCertFix.exe utility after you have installed that hotfix, download the hotfix that is described in this hotfix, and then run the following command to extract the contents of the hotfix:
(https://support.microsoft.com/kb/824684/ )Description of the standard terminology that is used to describe Microsoft software updates
msiexec.exe /a SCCM2007-SP2-KB977203-ENU.msi /qb targetdir=Path_To_Extract_ToNotes
Install KB977203 during a task sequence
For operating system deployments, the KB977203 hotfix must be installed during a ConfigMgr 2007 OSD task sequence in the Setup Windows and ConfigMgr task. Otherwise, the problem will continue to occur while the task sequence is executed. The hotfix cannot be installed by using an "install software" task. Doing that would cause the ConfigMgr 2007 client service to stop, which will cause the task sequence to fail.
Note If the client update that is described in Knolwedge Base article 977384 is being installed during the task sequence, it is not necessary to also install this client update, because this update is included as part of that update.
To install the KB977203 hotfix during a ConfigMgr 2007 OSD task sequence, use the PATCH= option that is described in the following Microsoft Knowledge Base article:
(https://support.microsoft.com/kb/907423/ )How to include an update in the initial installation of Systems Management Server 2003 Advanced Client
To install the KB977203 hotfix during a ConfigMgr 2007 OSD task sequence, follow these steps:
In addition to installing the KB977203 hotfix during the Task Sequence, CCMCertFix.exe also has to be run. When CCMCertFix.exe runs depends on the deployment scenario that is occurring (replace or refresh or new computer). The following steps show how to run CCMCerFix.exe for all deployment scenarios.
Note For replace scenarios, you only have to follow steps 1 through 5 for the task sequence that captures the data on the original computer. For the task sequence that restores the data on the new computer, follow all the steps.
Article ID: 977203 - Last Review: October 13, 2011 - Revision: 16.0