WS2012R2 GPMC MMC appcrash when trying to change EFS certificate template in GPO

-

hi!

i seem have problem efs configuration via gpo in  datacenter evaluation of windows server 2012 r2, installed in virtual lab (windows 8.1x64 hyper-v feature, server guest dc+dns+ca+dhcp+iis roles). happens every time , on fresh re-installed server gen2 vm (dc+dns+ca+dhcp roles) no gpo changes ever.

when go to group policy management tool:

default domain policy -> computer config -> policies -> windows settings -> security settings -> public key policies -> encrypting file system properties -> certificates tab.

the moment click browse button change default basic efs cert template mmc crashes.

i followed same procedure on both lab , production windows 2008r2 domain controllers ca role in past , works fine without glitches always. on there able duplicate key recovery agent cert template , import cert based on ca, in ws2012r2/ca such certificate coming invalid reason.

in lab ws2012r2 (datacenter evaluation) apprash when hitting browse button new basic efs certificate template in default domain policy gpo, error differ, those:

log name:      application source:        application error date:          2/12/2014 9:51:12 pm event id:      1000 task category: (100) level:         error keywords:      classic user:          n/a computer:      ws2012r2.vm2012.local description: faulting application name: mmc.exe, version: 6.3.9600.16384, time stamp: 0x5215ef8f faulting module name: certmgr.dll, version: 6.3.9600.16384, time stamp: 0x5215e744 exception code: 0xc000041d fault offset: 0x000000000007ce92 faulting process id: 0xd4c faulting application start time: 0x01cf286661b3c188 faulting application path: c:\windows\system32\mmc.exe faulting module path: c:\windows\system32\certmgr.dll report id: b26d2adf-9459-11e3-80b5-00155d016506 faulting package full name:  faulting package-relative application id:  event xml: <event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">   <system>     <provider name="application error" />     <eventid qualifiers="0">1000</eventid>     <level>2</level>     <task>100</task>     <keywords>0x80000000000000</keywords>     <timecreated systemtime="2014-02-13t02:51:12.000000000z" />     <eventrecordid>684</eventrecordid>     <channel>application</channel>     <computer>ws2012r2.vm2012.local</computer>     <security />   </system>   <eventdata>     <data>mmc.exe</data>     <data>6.3.9600.16384</data>     <data>5215ef8f</data>     <data>certmgr.dll</data>     <data>6.3.9600.16384</data>     <data>5215e744</data>     <data>c000041d</data>     <data>000000000007ce92</data>     <data>d4c</data>     <data>01cf286661b3c188</data>     <data>c:\windows\system32\mmc.exe</data>     <data>c:\windows\system32\certmgr.dll</data>     <data>b26d2adf-9459-11e3-80b5-00155d016506</data>     <data>     </data>     <data>     </data>   </eventdata> </event>
log name:      application source:        application error date:          2/13/2014 12:00:08 event id:      1000 task category: (100) level:         error keywords:      classic user:          n/a computer:      ws2012r2.vm2012.local description: faulting application name: mmc.exe, version: 6.3.9600.16384, time stamp: 0x5215ef8f faulting module name: certmgr.dll, version: 6.3.9600.16384, time stamp: 0x5215e744 exception code: 0xc000041d fault offset: 0x000000000007ce92 faulting process id: 0xf1c faulting application start time: 0x01cf28765972c0a2 faulting application path: c:\windows\system32\mmc.exe faulting module path: c:\windows\system32\certmgr.dll report id: b58d3976-946b-11e3-80b5-00155d016506 faulting package full name:  faulting package-relative application id:  event xml: <event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">   <system>     <provider name="application error" />     <eventid qualifiers="0">1000</eventid>     <level>2</level>     <task>100</task>     <keywords>0x80000000000000</keywords>     <timecreated systemtime="2014-02-13t05:00:08.000000000z" />     <eventrecordid>720</eventrecordid>     <channel>application</channel>     <computer>ws2012r2.vm2012.local</computer>     <security />   </system>   <eventdata>     <data>mmc.exe</data>     <data>6.3.9600.16384</data>     <data>5215ef8f</data>     <data>certmgr.dll</data>     <data>6.3.9600.16384</data>     <data>5215e744</data>     <data>c000041d</data>     <data>000000000007ce92</data>     <data>f1c</data>     <data>01cf28765972c0a2</data>     <data>c:\windows\system32\mmc.exe</data>     <data>c:\windows\system32\certmgr.dll</data>     <data>b58d3976-946b-11e3-80b5-00155d016506</data>     <data>     </data>     <data>     </data>   </eventdata> </event>


anybody else seeing gpmc/mmc crashes in ws2012r2 ? server updated, including optional updates , latest patch tuesday updates. how fix that?


hi fenixus,

based on my testing, please locate efs template. right-click , select properties. on efs properties, select cryptography tab. on cryptography tab, please select key storage provider in provider category. click apply , ok. able browser efs certificate templates in gpme.

hope helps.

best regards,

justin gu



Windows Server  >  Windows Server 2012 General



Comments

Post a Comment

Popular posts from this blog

CRL Revocation always failed

-
hi all, i try configure radius server nps, somehow certificate authentication client failed with reason: reason = revocation function unable check revocation because revocation server offline. then check certificate client, certutil -f -urlfetch -verify client7.cer, result follow: issuer:     cn=entca     dc=intra     dc=domain     dc=co     dc=sg subject:     cn=computer.intra.domain.co.sg cert serial number: 1c5b00de000000000041 dwflags = ca_verify_flags_allow_untrusted_root (0x1) dwflags = ca_verify_flags_ignore_offline (0x2) dwflags = ca_verify_flags_full_chain_revocation (0x8) dwflags = ca_verify_flags_console_trace (0x20000000) dwflags = ca_verify_flags_dump_chain (0x40000000) chainflags = cert_chain_revocation_check_chain (0x20000000) hcce_local_machine cert_chain_policy_base -------- cert_chain_context -------- chaincontext.dwinfostatus = ce...
Read more

Failed to query the results of bpa xpath

-
Image
i have new server installed hyper v, iis , domain services roles on it.  i checking event log , see warning multiple times, idea how rid of it?? failed query results of bpa xpath: microsoft/windows/fileservices:$reports$\*\result.xml:/resultdatabase/result. error: device attached system not functioning., last error: system cannot find path specified.. follow me on twitter <<< levalencia blog <<< hi, similar issue discussed in forum: to rid of warnings: 1. go dashboard 2. click on add roles , features 3. click next "before begin step" 4. select "role based or feature based installation" , click next 5. select given server server pool , click next 6. in server roles step make sure following checked:   file , storage services > file , iscsi services > file server, click next 7.click next through rest of steps , install server role 8. rerun bpa scan described earlier for more information please refer foll...
Read more

0x300000d errors in Microsoft Remote Desktop client

-
we use rd connect home users office. @ server side remote desktop gateway configured on 2008r2 server. experience following:   for years worked fine, starting last year users apple macbook experienced connection errors after new version of microsoft remote desktop in app store , automatic update. after couple of weeks error disappaered when new updates released. since 6 8 weeks problem again. because don’t have macbook cannot reproduce problem.   starting couple of weeks samsung s6 experiencing problems, here version 8.1.37.135 installed, error displayed is: can’t connect tot remote pc because remote desktop gateway server temporaraily unavailable. try connecting later or contact network administrator assistance. error code  0x300000d   because has worked fine years expect issues on client can configuration error on gateway server.   who pin point real cause?   however, testing other rd gateway server works ok settings identically....
Read more