On Feb 1, 5:49 am, Brian W <Bri...@discussions.microsoft.com> wrote:
> The 01-29-2007 release of "Root Certificates Update" has stopped my Windows
> Server 2003 SP1 certificate required web sites. In the DoD we require
> certificate based access requirements for web sites and the latest root
> certificates update seems like it may pose a big problem for the DoD.
> Hopefully my issue is isolated to just my one server, which fortunately
> happened to be a development server ... thus the test. My certificate store
> went from 129 trusted root certificates to 230+. Below is the event log entry:
>
> Event Type: Warning
> Event Source:Schannel
> Event Category: None
> Event ID: 36885
> Description: When asking for client authentication, this server sends a list
> of trusted certificate authorities to the client. The client uses this list
> to choose a client certificate that is trusted by the server. Currently, this
> server trusts so many certificate authorities that the list has grown too
> long. This list has thus been truncated. The administrator of this machine
> should review the certificate authorities trusted for client authentication
> and remove those that do not really need to be trusted.
>
> My solution was to match the certificate store of another server and delete
> all the new certificates added from the new update. Anyone else having this
> issue?
>
> -brian-
I had the same problem Brian.
My clients would not be prompted for their SmartCard (Cert) but
instead started getting error 403.7.
I searched for any information to try and resolve this, before I
finally came across the Event ID 36885 in the System event logs.
Once I fixed the problem I came across your post.
Hopefully others out there will find this helpful.
Matt
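
The Event ID 36885 text quoted above describes the issuer list sent during client authentication growing too long. As an added example (not from either poster), this PowerShell script estimates the size of that list from the machine's Trusted Root store so the check can be run before and after a root update. The default budget of 12228 bytes and the choice to count every root regardless of its enabled purposes are assumptions; confirm the limit for your OS build.

```powershell
# Added example: estimate the trusted-issuer list size behind Schannel event 36885.
param(
    # Assumption: byte budget for the issuer list; confirm for your OS build.
    [int]$BudgetBytes = 12228,
    # Store the estimate is built from.
    [string]$StorePath = 'Cert:\LocalMachine\Root'
)

$roots = @(Get-ChildItem -Path $StorePath)
if ($roots.Count -eq 0) {
    Write-Output "No certificates found in $StorePath"
    return
}

# In the TLS CertificateRequest message each CA is sent as a 2-byte length
# prefix followed by its DER-encoded subject name.
$entries = $roots | Select-Object Subject, Thumbprint, NotAfter,
    @{ Name = 'WireBytes'; Expression = { $_.SubjectName.RawData.Length + 2 } }

$total = ($entries | Measure-Object -Property WireBytes -Sum).Sum

Write-Output ("Root certificates : {0}" -f $roots.Count)
Write-Output ("Estimated list    : {0} bytes (budget {1})" -f $total, $BudgetBytes)

if ($total -gt $BudgetBytes) {
    Write-Warning "Estimated issuer list exceeds the budget; expect truncation (event 36885)."

    # Expired roots are the first candidates to review.
    $now = Get-Date
    $expired = @($entries | Where-Object { $_.NotAfter -lt $now })
    Write-Output ("Expired roots     : {0}" -f $expired.Count)

    # The largest subject names consume the most space in the list.
    $entries | Sort-Object WireBytes -Descending |
        Select-Object -First 10 WireBytes, NotAfter, Subject |
        Format-Table -AutoSize
}
```

The figure is an approximation: it counts every certificate in the store, while the event text refers to authorities trusted for client authentication.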