Renewed my subca now I get A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider

Hello
My subca certificate was about to expire so I renewed it with the same key and since then my wireless will not connect. I get the following error from NPS:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.

User:
    Security ID: AD\4411CB8CD34A2AA$
    Account Name: host/4411CB8CD34A2AA.ad.***.org
    Account Domain: AD
    Fully Qualified Account Name: AD\4411CB8CD34A2AA$

Client Machine:
    Security ID: NULL SID
    Account Name:
    Fully Qualified Account Name:
    OS-Version:
    Called Station Identifier: f4-1f-c2-e6-0e-40:***-private
    Calling Station Identifier: e0-06-e6-c2-96-b7

NAS:
    NAS IPv4 Address: 10.0.2.85
    NAS IPv6 Address:
    NAS Identifier: DOM-WLC1
    NAS Port-Type: Wireless - IEEE 802.11
    NAS Port: 13

RADIUS Client:
    Client Friendly Name: NPS Proxy 1
    Client IP Address: 10.0.2.12

Authentication Details:
    Connection Request Policy Name: Wireless Clients
    Network Policy Name: Wireless Clients
    Authentication Provider: Windows
    Authentication Server: DOM-DC1.ad.****.org
    Authentication Type: EAP
    EAP Type: Microsoft: Smart Card or other certificate
    Account Session Identifier:
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 295
    Reason: A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.

How do I make the policy provider trust this new certificate that was created? When I renewed the certificate everything looks good on the subca and root ca. The new certificate is not in the NPS servers so I tried manually importing it and that still did not work. I noticed when I open the wireless network policy properties under constraints and open the Microsoft: Smart Card or other certificate EAP type the new certificate is not in there. Any suggestions? Thank you!

Can you copy the client certificate to the NPS server and run the following command against this certificate:
certutil -verify -urlfetch path\clientcert.cer
and show us the output.
Vadims Podāns, aka PowerShell CryptoGuy
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new:
PowerShell File Checksum Integrity Verifier tool.
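
Added example, not part of the thread and not the answerer's own script: alongside the `certutil -verify -urlfetch` output requested above, this PowerShell builds the chain for the exported client certificate on the NPS server and reports, for each chain element, which local stores hold that exact certificate and whether another certificate with the same subject (for instance the pre-renewal CA certificate) is also present. The file path is a placeholder, and checking the NTAuth enterprise store is an assumption about where the trust decision is made; the thread does not confirm it.

```powershell
# Added example (not from the thread). Run elevated on the NPS server.
# $CertPath is a placeholder for the exported client certificate.
param([string]$CertPath = 'C:\temp\clientcert.cer')

$x509ns = 'System.Security.Cryptography.X509Certificates'
$cert   = New-Object "$x509ns.X509Certificate2" -ArgumentList $CertPath
$chain  = New-Object "$x509ns.X509Chain" -ArgumentList $true   # machine context
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
$built = $chain.Build($cert)

# Local machine stores that chain building and trust decisions draw on.
$rootStore = @(Get-ChildItem Cert:\LocalMachine\Root)
$caStore   = @(Get-ChildItem Cert:\LocalMachine\CA)

# Assumption: the NTAuth enterprise store is relevant to this error.
# Its locally cached copy lives under this key, one subkey per thumbprint.
$ntAuthKey = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates'
$ntAuth = @()
if (Test-Path $ntAuthKey) {
    $ntAuth = @(Get-ChildItem $ntAuthKey | ForEach-Object { $_.PSChildName })
}

$report = @(foreach ($el in $chain.ChainElements) {
    $c = $el.Certificate
    # After a same-key renewal the old and new CA certificates share subject
    # and key but have different thumbprints; list any such siblings.
    $siblings = @($caStore | Where-Object {
        $_.Subject -eq $c.Subject -and $_.Thumbprint -ne $c.Thumbprint
    })
    [pscustomobject]@{
        Subject         = $c.Subject
        Thumbprint      = $c.Thumbprint
        NotBefore       = $c.NotBefore
        NotAfter        = $c.NotAfter
        InRootStore     = @($rootStore | ForEach-Object Thumbprint) -contains $c.Thumbprint
        InCAStore       = @($caStore   | ForEach-Object Thumbprint) -contains $c.Thumbprint
        InNTAuth        = $ntAuth -contains $c.Thumbprint
        SameSubjectInCA = ($siblings | ForEach-Object {
            '{0} (NotAfter {1:yyyy-MM-dd})' -f $_.Thumbprint, $_.NotAfter
        }) -join '; '
        ElementStatus   = ($el.ChainElementStatus | ForEach-Object Status) -join ', '
    }
})

"Chain built without errors: $built"
$chain.ChainStatus | ForEach-Object { "Chain status: $($_.Status) $($_.StatusInformation.Trim())" }
$report | Format-List

# Element 0 is the client certificate; element 1 is the CA that issued it.
if ($report.Count -gt 1) {
    $issuer = $report[1]
    if (-not $issuer.InNTAuth) {
        Write-Warning "Issuing CA $($issuer.Thumbprint) is not in the local NTAuth cache."
    }
    if ($issuer.SameSubjectInCA) {
        Write-Warning "Other certificates with the issuer's subject: $($issuer.SameSubjectInCA)"
    }
}
```

Compare the issuing CA thumbprint in the report with the thumbprint of the renewed subCA certificate; a mismatch means the chain was built through the older certificate.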

Similar Messages

  • W2012R2 - A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.

    Hi all.
    I have standalone offline RootCA, and enterprise domain SubCA on DC on Windows 2012 server. I have Windows 2003 Terminal Server, users logon to TS via smart cards - and this works fine.
    Now I added Windows server 2012 as "Terminal Server".
    Now I added Windows server 2012 R2 as "Terminal Server".
    I configured both servers identically.
    Users can logon via smart card to Windows Server 2012.
    Users CAN NOT logon via smart card to Windows Server 2012 R2.
    When users try to logon via smart card, they get this information:
    "An untrusted certification authority was detected while processing the domain controller certificate used for authentication. Additional information..."
    I run a certutil.exe -scinfo on both Windows 2012/2012R2 servers.
    I found differences in the (~) same place in the output log.
    On Windows 2012:
    Exclude leaf cert:
       b4 44 8f fb fb b4 5f 03 39 76 dc cc e8 da 02 e0 d0 cc b6 32
     Full chain:
       c8 3d 07 12 ea 4d 0e 5a 8c 50 fc 56 2e 51 f1 68 6a 26 90 77
    Verified Issuance Policies: None
    Verified Application Policies:
         1.3.6.1.5.5.7.3.2 Client Authentication
         1.3.6.1.4.1.311.20.2.2 Smart Card Logon
     On Windows 2012 R2:
     Exclude leaf cert:
       78 7e 6c 60 3f 20 c6 f6 e8 74 c8 36 e3 d3 88 ac 12 60 41 32
     Full chain:
       b8 a9 fa 6c db 07 cd 32 86 17 8c 88 02 ba d0 4b 8c ac 2d 58
       Issuer: CN=XXX CA, OU=Certification Services, O=XX, C=XX
       NotBefore: 2013-11-22 12:42
       NotAfter: 2014-11-22 12:42
       Subject: CN=XX Test, OU=XX, OU=UXX, DC=XX, DC=com
       Serial: 7a0084f
       SubjectAltName: Other Name:Principal Name=XX@XX
       Template: Smartcard Logon Behalf 2048
       1d 2a bb dc 2a 9c 70 0d b5 35 47 44 ee 61 60 ab 71 97 66 ff
     A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478)
    I run a certutil -verify xx.cer on both Servers 2012/2012R2 and on both servers have the ~exact same thing.
    Windows 2012:
    Exclude leaf cert:
       f6 0e 96 da c7 08 9a 78 12 97 a6 b6 22 df 57 9d e7 03 41 df
     Full chain:
       f0 fb 19 66 e8 6c 4f ea b4 d5 ea 6d 5e 38 54 07 b0 9f 52 96
    Verified Issuance Policies: None
    Verified Application Policies:
         1.3.6.1.4.1.311.20.2.2 Smart Card Logon
         1.3.6.1.5.5.7.3.2 Client Authentication
    Leaf certificate revocation check passed
    Windows 2012 R2:
    Exclude leaf cert:
       84 18 5b 9d 06 61 60 73 c6 37 80 f4 25 33 c4 d3 5e ef 4a 93
     Full chain:
       63 8e 9e 37 78 c9 93 bb 4d da f4 e3 4b 7e 2b 14 49 28 0f 5d
    Verified Issuance Policies: None
    Verified Application Policies:
         1.3.6.1.4.1.311.20.2.2 Smart Card Logon
         1.3.6.1.5.5.7.3.2 Client Authentication
    Leaf certificate revocation check passed
    Could it be that Windows 2012 R2 is trying to build a certificate path, treating the smart card logon certificate as a (Sub)CA certificate?
    Previous and probably wrong idea:
    The only thing that comes to my mind is my SubCA.
    I have two CA Certificates:
    Certificate #0 (expired)
    Certificate #1 <- valid.
    I guess that all Windows versions before Windows 2012 R2 build the certification chain from the valid (second, #1) certificate. Windows 2012 R2 takes the first and we have:
    "A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
    [ value]  800B0112 "
    Is this a bug or a feature?
    How can I fix this without removing Certificate #0 from my SubCA?
    Best regards
    Jacek Marek
    MCSA Windows Server 2012

    Hi,
    Glad to hear that the issue is solved!
    Thank you very much for your sharing!
    Please feel free to let us know if you encounter any issues in the future.
    Best Regards,
    Amy

  • I can no longer get to my Google Home Page using Firefox because the issuer certificate is not trusted. (Error code: sec_error_untrusted_issuer).

    I can access my Google Mail and Google Home Page just fine using IE.
    I am currently using Firefox version 8.0.

    Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
    *https://support.mozilla.org/kb/Secure+Connection+Failed
    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    *Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
    "Remove Cookies" from sites causing problems:
    *Tools > Options > Privacy > Cookies: "Show Cookies"
