Sysadmins LV
Vadims Podāns
Vadims Podāns
  • I work at
PKI Solutions
Microsoft Most Valuable Professional: Windows PowerShell
Protected by Copyscape DMCA Takedown Notice Search Tool
  • Home
  • Main blog
  • Web Enrollment pages fails after MS11-051 patch installation

Web Enrollment pages fails after MS11-051 patch installation

SYMPTOMS

Consider the following scenario. You have Windows Server 2003 with installed Certification Authority and Web Enrollment components. When you try to access web enrollment pages from a Windows Vista-based (or newer) computer you receive a message box:

image

The certificate enrollment page you are attempting to access cannot be used with this version of Windows. To enable Web certificate enrollment for clients running Windows Vista, your administrator must update all Windows CA Web enrollment pages. To learn more about this issue and the steps needed to update Web enrollment pages to support all versions of Windows, see: http://support.microsoft.com/kb/922706

KB922706 page contains the following information:

Security update MS11-051 replaces the fix in 922706 and we advise customers to install the security update 2518295 instead of this hotfix 922706.

After installing MS11-051 patch (KB2518295) an error remains and you still cannot use web enrollment.

CAUSE

The patch MS11-051 (published 13 June 2011) does not replace KB922706 for Windows Server 2003.

Windows Server 2008 and Windows Server 2008 R2 are not affected, because they already have KB922706.

 

 

RESOLUTION

Microsoft is working on MS11-051 patch update. See Workaround section how to work around the issue.

 

WORKAROUND

To work around this issue you must follow the steps described below:

  1. Uninstall KB2518295 from Add or Remove Programs applet.
    Note: by default security updates are not shown in Add or Remove Programs applet. Mark Show Updates check-box.
  2. Install KB922706 update. Use the links below to download appropriate update:
    Download link for Windows Server 2003 x86
    Download link for Windows Server 2003 x64
  3. Install MS11-051 security patch. Use the links below to download appropriate update:
    Download link for Windows Server 2003 x86
    Download link for Windows Server 2003 x64

After update installation you may need to restart web site that serves enrollment web pages. To do that, do the following:

  1. In the Start –> Administrative Tools select Internet Information Services (IIS) Manager.
  2. In the opened console, expand Computer Name\Web Sites node.
  3. Select Default Web Site entry.
  4. In the Actions menu, select Stop and then click Start from the Actions menu.

APPLIES TO

  • Windows Server 2003 (All service packs) x86
  • Windows Server 2003 (All service packs) x64
Share this article:

Comments:

JR
JR 16.12.2011 00:42 (GMT+3) Web Enrollment pages fails after MS11-051 patch installation

THANK YOU!! I spent hours trolling the unhelpful Microsoft support pages. You have saved me!

Arun Shetty
Arun Shetty 15.02.2012 21:25 (GMT+3) Web Enrollment pages fails after MS11-051 patch installation

Thanks a million...you saved a lot of my time.

Keithab
Keithab 30.03.2012 06:34 (GMT+3) Web Enrollment pages fails after MS11-051 patch installation

This blog was exactly what I needed. Thanks a ton!

rob ingenthron
rob ingenthron 04.12.2012 16:13 (GMT+3) Web Enrollment pages fails after MS11-051 patch installation

This worked great. Thanks for adding much more clarity than the Microsoft error page provided!! -- Rob --

Post your comment:

Please, solve this little equation and enter result below. Captcha