Downlevel clients in a Windows Server 2003-based domain display "No Alternative Name" on certificates (300865)

The information in this article applies to:

Microsoft Windows Server 2003, Enterprise Edition
Microsoft Windows Server 2003, Standard Edition
Microsoft Windows Millennium Edition
Microsoft Windows 98 Second Edition
Microsoft Windows 98
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows 95

This article was previously published under Q300865

SYMPTOMS

If a user is on a downlevel client computer that is joined to a Windows Server 2003-based domain that enrolls for certificates from an Enterprise certification authority in the Windows .NET domain, the downlevel client does not correctly display the user principal name (UPN) in the Subject Alternative Name field.

When this field is viewed from the downlevel clients, the field in the issued certificate is displayed as: "No alternative name".

CAUSE

The certificate has been issued correctly and does have the correct information in the field. Windows 95, Windows 98, Windows Milennium Edition (Me), and previous versions of Windows NT are not able to display this field correctly.

STATUS

This behavior is by design.

MORE INFORMATION

The Subject Alternative Name extension in the details section of the certificate normally lists the UPN of the account of the user in Active Directory.

Modification Type:	Minor	Last Reviewed:	12/20/2004
Keywords:	kbenv kberrmsg kbprb KB300865