Autoenrollment from 2008 CA SHA2 - KB2641690 seems to break Hotfix KB968730

  • Thread starter Thread starter Stephan G
  • Start date Start date
S

Stephan G

Guest
Hello everybody,
i'm trying to autoenroll computer certificates from our 2008 R2 CA to our remaining Windows XP Clients (all SP3). We deployed KB968730 to our XP Clients, that works most of the time. The XP Clients get their updates from our WSUS server.
When deploying to the virtual clients (which get their update directly from Windows Update) there are two updates installed. KB968730 seems to download KB2641690 and installs it.
The crypt32.dll on our Windows XP clients have the version number: 5.131.2600.5779 like described in KB968730 and can autoenroll the certificate.
The crypt32.dll on our Windows XP virtual clients have the version number: 5.131.2600.6154 like described in KB2641690 and can't autoenroll the certificate. On the CA we see that the certificate is issued but it is not imported into the client. So we have about 3-7 certificates for each virtual pc.
After the fix of this issue we also need to clear the CRL list because it's full of entries now.
So it seems like KB2641690 does not include the enhancements of KB968730. Can anyone tell me why and how to fix it (reapply the hotfix ?!?).
Greets
Stephan

Continue reading...
 
You must log in or register to reply here.

Similar threads

J
Impact if we overwrite vbscript.dll from Windows Server 2008 R2 to Windows Server 2019
Replies
0
Views
8
Julius Camacho
J
J
Impact if we overwrite vbscript.dll from Windows Server 2008 R2 to Windows Server 2019
Replies
0
Views
8
Julius Camacho
J
D
Lingering certificate errors from retired CA
Replies
0
Views
5
Dave_E_S
D
F
Certificates from Enterprise CA to sign emails
Replies
0
Views
190
Francisco J. Gaspar
F
T
Moved a CA, need to change CDP/AIA
Replies
0
Views
149
_TFA
T
Back
Top