Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

A certificate generation operation fails together with the error code 0x8009000b when a private key of the certificate is imported on a computer that is running Windows Server 2008 or Windows Vista


View products that this article applies to.

Symptoms

On a computer that is running Windows Server 2008 or Windows Vista, a certificate generation operation fails together with the error code 0x8009000b. This issue occurs when the following conditions are true:
  • The IX509PrivateKey::Import method is used to import a private key during the certificate generation process.
  • The CRYPT_EXPORTABLE flag and the CRYPT_ARCHIVABLE flag are set when the private key is imported.

↑ Back to the top


Cause

This issue occurs because the IX509PrivateKey::Import method ignores the kind of the imported keys and sets them all as signature keys. However, there are two kinds of keys.

Note The two kinds of keys are the signature keys and the exchange keys.

↑ Back to the top


Resolution

Hotfix information

A supported hotfix is now available from Microsoft. However, it is intended to correct only the problem that is described in this article. Apply it only to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next that contains this hotfix.

To resolve this problem immediately, contact Microsoft Customer Support Services to obtain the hotfix. For a complete list of Microsoft Customer Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Prerequisites

To apply this hotfix, your computer must be running Windows Vista Service Pack 2 (SP2) or Windows Server 2008 Service Pack 2 (SP2).

For more information about how to obtain a Windows Vista service pack, click the following article number to view the article in the Microsoft Knowledge Base:
935791 How to obtain the latest Windows Vista service pack
For more information about how to obtain a Windows Server 2008 service pack, click the following article number to view the article in the Microsoft Knowledge Base:
968849 How to obtain the latest service pack for Windows Server 2008

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The English (United States) version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

Windows Vista and Windows Server 2008 file information notes

Important Windows Vista hotfixes and Windows Server 2008 hotfixes are included in the same packages. However, only "Windows Vista" is listed on the Hotfix Request page. To request the hotfix package that applies to one or both of these operating systems, select the hotfix that is listed under "Windows Vista" on the page. Always refer to the "Applies To" section in articles to determine the actual operating system that each hotfix applies to.
  • The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
    VersionProductSR_LevelService branch
    6.0.600 2 . 22xxxWindows Vista and Windows Server 2008SP2LDR
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2008 and for Windows Vista" section. MUM files and MANIFEST files, and the associated security catalog (.cat) files, are extremely important to maintaining the state of the updated component. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x86-based versions of Windows Server 2008 and of Windows Vista
File nameFile versionFile sizeDateTimePlatform
Certenroll.dll6.0.6002.222731,113,60020-Nov-200919:26x86
Certenrollctrl.exe6.0.6002.222736,65620-Nov-200917:10x86

For all supported x64-based versions of Windows Server 2008 and of Windows Vista
File nameFile versionFile sizeDateTimePlatform
Certenroll.dll6.0.6002.222731,661,44020-Nov-200919:26x64
Certenrollctrl.exe6.0.6002.222737,68020-Nov-200917:23x64

For all supported IA-64-based versions of Windows Server 2008
File nameFile versionFile sizeDateTimePlatform
Certenroll.dll6.0.6002.222733,177,98420-Nov-200919:17IA-64
Certenrollctrl.exe6.0.6002.2227311,26420-Nov-200917:14IA-64

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


More information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

For more information about IX509PrivateKey Interface, visit the following Microsoft Developer Network (MSDN) Web site:

For more information about IX509PrivateKey::Import method, visit the following MSDN Web site:

Additional file information

Additional file information for Windows Vista and for Windows Server 2008

Additional files for all supported x86-based versions of Windows Vista and of Windows Server 2008
File nameFile versionFile sizeDateTimePlatform
X86_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.0.6002.22273_none_f5be1ea7a520d93d.manifestNot Applicable555,84020-Nov-200921:21Not Applicable

Additional files for all supported x64-based versions of Windows Vista and of Windows Server 2008
File nameFile versionFile sizeDateTimePlatform
Amd64_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.0.6002.22273_none_51dcba2b5d7e4a73.manifestNot Applicable555,87820-Nov-200921:14Not Applicable

Additional files for all supported IA-64-based versions of Windows Server 2008
File nameFile versionFile sizeDateTimePlatform
X86_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.0.6002.22273_none_f5be1ea7a520d93d.manifestNot Applicable555,84020-Nov-200921:21Not Applicable

↑ Back to the top


Keywords: KB977689, kbfix, kbhotfixserver, kbautohotfix, kbqfe, kbexpertiseadvanced, kbsurveynew

↑ Back to the top

Article Info
Article ID : 977689
Revision : 1
Created on : 2/8/2010
Published on : 2/8/2010
Exists online : False
Views : 428