You cannot add a TLS certificate to a computer that is running Office Live Communications Server 2003 (867651)


The information in this article applies to:

  • Microsoft Office Live Communications Server 2003

SYMPTOMS

When you try to add a Transport Layer Security (TLS) certificate to the Authentication tab of a computer that is running Microsoft Office Live Communications Server 2003, you may receive the following error message:
Live Communications Server Snap-in cannot save some or all of the settings.

CAUSE

This problem occurs because you do not have access to the following object:

\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\GUID

This key has permissions set to full control only for the user account that added the actual certificate to the local machine store.

RESOLUTION

To resolve this problem, you must grant permissions to the following object:

\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\GUID

You must grant permissions to this object if the following conditions are true:
  • You are installing Office Live Communications Server 2003.
  • You are not using the same account that you used to add the TLS certificate to the local machine store.
You must grant the installing account full control to the following object before you can add the TLS authentication method:

\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\GUID

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

You can use the Sysinternals Filemon utility to determine the GUID you must grant access to. To do this, filter on the Wmiprvse.exe process ID that is owned by NETWORK SERVICE while you reproduce the error. To obtain the Sysinternals Filemon utility, visit the following Sysinternals Web site:

http://www.sysinternals.com

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Modification Type:MajorLast Reviewed:7/15/2004
Keywords:kbBug kbprb KB867651 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.