|
Posted by Steven L Umbach on August 10, 2005, 8:37 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Try logging on as a "local" administrator on those servers. Then use the mmc
snapin for certificates for computer account and go to the folder for
trusted root certificate authorities/certificates. Right click the folder,
select all tasks - import and try to import the certificates that way. Also
look in the application/system logs on those servers to see if any pertinent
problems are reported. Verify that the Cryptographic service is running on
this computer as the error message indicates. --- Steve
> Hello,
>
> We have three terminal servers that we are not able to install MS
> patches/updates. We receive the following error:
>
> "Setup could not verify the integrity of the file Update.inf. Make sure
> the
> Cryptographic service is running on this computer."
>
> I went through all of suggestions in KB article 822798 and we believe that
> the problem on these three servers is happening because they are all
> missing
> both the "Verisign Commercial Software Publishers CA" and the "Thawte
> Timestamping CA" certificates.
>
> I went to our mail servers (W2K3 and Exchange 2003). Both of these
> servers
> had the correct certificates (I verified both the dates and the serial
> numbers). I successfully exported both certificates to a network share.
>
> This is where it gets tricky. I logged into the servers both as the local
> administrator (they are not DCs) and with my domain admin account to try
> to
> import the certificates. When I allow the import wizard to choose where
> to
> put the certs, it fails with the following error:
>
> "An error occurred during the addition of a certificate to the Trusted
> Root
> Certification Authorities store."
>
> When specify it to put them into the Trusted Root Certificate store I get
> the following message:
>
> "The import failed because the store was read-only, the store was ffull,
> or
> the store did not open correctly."
>
> Now I looked through our GPOs and did not see anything on any of our
> policies that is restricting who or whether or not certificates can be
> installed.
>
> In addition to needing to get these two certificates installed, we are
> also
> concerned that they were not put there in the first place as KB article
> 293781 indicates that they are required for the OS to function properly.
>
> Two of our terminal servers are running Citrix MetaFrame Presentation
> Server
> 3.0 however, the one with SP1 installed is not. It is a fresh build,
> destined for Citrix MetaFrame Presentation Server 4.0 but not until we are
> able to successfully install MS updates.
>
> We used the same initial install process for the terminal servers as we
> did
> for our two Exchange boxes and are somewhat unsure as to why they have the
> certificates.
>
> So here are my questions:
>
> 1) How do I get these certificates installed?
> 2) Do these certificates come as part of another W2K3 component and if so,
> will adding then removing the component retain the certificates?
>
> Please help!
>
> Thanks,
> Nancy
| 
XML site map