This article was previously published under Q313494
This article has been archived. It is offered "as is" and will no longer be updated.
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
When the Microsoft Cryptography API is running in the system security context (typically as a service), various functions may not work. This symptom may also occur under a user context. Because many programs use the Cryptography API, it is not possible to document every possible error message for this issue. However, the following list describes some of the more common symptoms:
When you try to start the Internet Service Manager snap-in locally on a Windows 2000-based server, you may receive the following error message:
Unable to enumerate web sites because the following error occurred: An internal error occurred.
When you try to access the metabase by using Adsutil.vbs or Mdutil.exe, you may receive the following error message:
ErrNumber: -2146893792 (0x80090020) Error Trying To ENUM the Object (GetObject Failed): w3svc
Terminal Services Licensing may not start, and the following event may be generated:
Event ID 39 Source: TermSrvLicensing Event String: Can't generate new public/private keys because of error 'Can't acquire Crypt Context, error 80090016.
When you try to manually start the service, you may receive the following error message:
Windows could not start the Terminal Services Licensing on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -1073676287.
Autoenrollment fails, and the following event may be generated:
Event Type: Warning Event Source: Winlogon Event Category: None Event ID: 1010 Date: 3/28/2002 Time: 8:30:19 PM User: N/A Computer: Computername Description: Automatic enrollment against the certification authority Certification Authority Name for a certificate of type DomainController has failed. (0x80090020) An internal error occurred. Another certification authority will be tried.
In Microsoft Internet Information Server version 5.0, if you perform certain certificate actions (for example, you request a certificate, or you import or export a certificate), you may receive one of the following error messages:
The private key that you are importing might require a cryptographic service provider that is not installed on your system.
Failed to generate the certificate request: an internal error occurred.
This problem may occur because some third-party programs may set the systems Cryptography Service Provider (CSP) on Windows 2000 to a provider that is not usable to callers that do not specify a provider. In some situations this may cause problems, for example, if a strong provider is required. The Protected Storage service calls CryptAcquireContext without passing a specific provider. If the default CSP does not support the specified algorithm, the next available CSP could be used.
This appears to be related to programs that have only been tested on Windows 2000 versions prior to Windows 2000 Service Pack 2 (SP2). Windows 2000 SP2 ensures that the system is running high encryption and that different providers may be used. Microsoft testing indicates that this issue is only reproducible on a Windows 2000 SP2-based computer or a pre-Windows 2000 SP2-based computer with the High Encryption pack installed.
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English version of this fix should have the following file attributes or later:
Microsoft Windows 2000 Server SP1, Microsoft Windows 2000 Server SP2, Microsoft Windows 2000 Advanced Server SP1, Microsoft Windows 2000 Advanced Server SP2, Microsoft Windows 2000 Professional SP1, Microsoft Windows 2000 Professional SP2, Microsoft Internet Information Services 5.0