There are numerous users in this one agency that we support whose certificates literally stop functioning; they get an access denied error when going to our secure site. The users are on Windows XP SP2. The system administrator (who is good) says that there are no group policies which are affecting the users. The certificate is not bound to the user's password change policy. They stop functioning after only a couple of weeks; their password change policy is set to a much greater time span. If they re-import the certificate, it works fine for another couple of weeks. There appears to be nothing wrong with the binary certificate store in LDAP, and we think it to be a client issue since only this small office out of our 30,000 users are the only people complaining of this issue. If their certificates are revoked and reissued, the problem still occurs.
I believe that this is a Microsoft issue in some manner, related to the CAPI store. When the users "break" they can no longer export the private key, which was brought in as being exportable.
A case was opened with both Microsoft and Verisign, to no avail. I need to go out now to their site and see what I can come up with. I'd like to see if anyone has any additional suggestions as to what to look for. I don't have access to their computers until I go on site, which will probably be the middle of next week.
Matt