locked
Microsoft Certificate Authority Sevices (CertEnroll) fails with our Smartcard CSP RRS feed

  • Question

  • Hi!
    We are writing our own CSP. We are using Microsoft Active Directory Certificate Services and

    tries to enroll for a certificate.
    But we cant make it to work. It has worked for some years ago but now there must have been

    upgrades in the Microsoft Active Directory Certificate Service or the CertEnrollCtrl which

    makes it fail.
    The CA is on a WIN2008 R2 and our client where the CertEnrollCtrl lies goes on windows 7 .
    In the ca GUI we click the folowing links Request a certificate/advanced certificate

    request/Create and submit a request to this CA.
    We chose smartcard logon as Certificate Template: and then we chose our own CSP under Key

    options and then we click submit.
    Here is the log.


    certenroll.log
    ========================================================================
    402.511.948: 开始: 2017/2/4 8:22 05.885s
    402.516.0: taskhost.exe
    402.520.0: GMT + 8.00
    2005.208.0: certcli.dll: 6.1:7601.17514 retail
    2005.208.0: certenroll.dll: 6.1:7601.17514 retail
    402.377.949: End: 2017/2/4 8:22 05.886s

    CertEnrollCtrl.log
    ========================================================================
    402.511.948: Begin: 2017/1/10 10:31 09.851s
    402.516.0: CertEnrollCtrl.exe
    402.520.0: GMT + 8.00
    3201.26.0: certcli.dll: 6.1:7601.17514 retail
    3201.26.0: CertEnrollCtrl.exe: 6.1:7600.16385 retail
    2007.195.0:<2017/1/10, 10:31:13>: 0x80091002 (-2146889726): 3DES_112
    2007.195.0:<2017/1/10, 10:31:13>: 0x80091002 (-2146889726): DESX
    2007.195.0:<2017/1/10, 10:31:13>: 0x80091002 (-2146889726): AES-GMAC
    2007.195.0:<2017/1/10, 10:31:13>: 0x80091002 (-2146889726): 3DES_112
    2007.195.0:<2017/1/10, 10:31:13>: 0x80091002 (-2146889726): DESX
    2007.195.0:<2017/1/10, 10:31:13>: 0x80091002 (-2146889726): AES-GMAC
    2007.195.0:<2017/1/10, 10:31:37>: 0x80091002 (-2146889726): 3DES_112
    2007.195.0:<2017/1/10, 10:31:37>: 0x80091002 (-2146889726): DESX
    2007.195.0:<2017/1/10, 10:31:37>: 0x80091002 (-2146889726): AES-GMAC
    2007.195.0:<2017/1/10, 10:31:37>: 0x80091002 (-2146889726): 3DES_112
    2007.195.0:<2017/1/10, 10:31:37>: 0x80091002 (-2146889726): DESX
    2007.195.0:<2017/1/10, 10:31:37>: 0x80091002 (-2146889726): AES-GMAC
    2007.195.0:<2017/1/10, 10:31:50>: 0x80091002 (-2146889726): 3DES_112
    2007.195.0:<2017/1/10, 10:31:50>: 0x80091002 (-2146889726): DESX
    2007.195.0:<2017/1/10, 10:31:50>: 0x80091002 (-2146889726): AES-GMAC
    2014.4740.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2014.1892.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2014.1892.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2015.1760.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2013.1501.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2011.121.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2013.4602.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2015.3475.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2013.3287.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2027.475.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2009.1152.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2009.4353.0:<2017/1/10, 10:31:50>: 0x800700aa (WIN32/HTTP: 170)
    2009.1774.0:<2017/1/10, 10:31:50>: 0x800700aa (WIN32/HTTP: 170)
    2040.1255.0:<2017/1/10, 10:31:50>: 0x800700aa (WIN32/HTTP: 170)
    2009.2640.0:<2017/1/10, 10:31:50>: 0x18 (WIN32: 24): Microsoft Enhanced RSA and AES

    Cryptographic Provider
    2009.2641.0:<2017/1/10, 10:31:50>: 0x8 (WIN32: 8): le-e0a43fbe-019b-4136-b283-d6568527ebc1
    2014.3720.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2013.4507.0:<2017/1/10, 10:31:50>: 0x80094004 (-2146877436)
    2007.195.0:<2017/1/10, 10:31:50>: 0x80091002 (-2146889726): 3DES_112
    2007.195.0:<2017/1/10, 10:31:50>: 0x80091002 (-2146889726): DESX
    2007.195.0:<2017/1/10, 10:31:50>: 0x80091002 (-2146889726): AES-GMAC
    2009.4553.0:<2017/1/10, 10:31:50>: 0x800704df (WIN32: 1247)
    2014.2431.0:<2017/1/10, 10:31:50>: 0x800704df (WIN32: 1247)
    402.377.949: End: 2017/1/10 10:32 09.866s

    csp-log.txt(This is part of my CSP's log)
    2017-02-04|09:25:31:0644|2119|00000c98-000007c8|KERNEL|LOG|====>FM_GetKeyParam

    hProv=07f25790, hKey=07f276e0, dwParam=00000009, pbData=0047d9b0, pcbDataLen=04ca9e24,

    *pcbDataLen=00000004, dwFlags=00000000
    2017-02-04|09:25:31:0644|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0644|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0644|0041|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckKey
    2017-02-04|09:25:31:0644|0081|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckKey
    2017-02-04|09:25:31:0644|2295|00000c98-000007c8|KERNEL|LOG|KP_KEYLEN KP_EFFECTIVE_KEYLEN
    2017-02-04|09:25:31:0644|2312|00000c98-000007c8|KERNEL|LOG|pKeyCtx->dwKeyLen = 128
    2017-02-04|09:25:31:0660|2417|00000c98-000007c8|KERNEL|LOG|<====FM_GetKeyParam
    2017-02-04|09:25:31:0660|2119|00000c98-000007c8|KERNEL|LOG|====>FM_GetKeyParam

    hProv=07f25790, hKey=07f276e0, dwParam=00000006, pbData=04ca9e28, pcbDataLen=04ca9e24,

    *pcbDataLen=00000004, dwFlags=00000000
    2017-02-04|09:25:31:0660|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0660|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0660|0041|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckKey
    2017-02-04|09:25:31:0660|0081|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckKey
    2017-02-04|09:25:31:0660|2363|00000c98-000007c8|KERNEL|LOG|KP_PERMISSIONS
    2017-02-04|09:25:31:0660|2372|00000c98-000007c8|KERNEL|LOG|pKeyCtx->dwFlags = 59
    2017-02-04|09:25:31:0660|2417|00000c98-000007c8|KERNEL|LOG|<====FM_GetKeyParam
    2017-02-04|09:25:31:0660|2535|00000c98-000007c8|KERNEL|LOG|====>FM_GetProvParam

    hProv=07f25790, dwParam=00000011, pbData=04ca9e28, pcbDataLen=04ca9e24,

    *pcbDataLen=00000004, dwFlags=00000000
    2017-02-04|09:25:31:0660|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0660|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0660|2839|00000c98-000007c8|KERNEL|LOG|PP_KEYSTORAGE
    2017-02-04|09:25:31:0660|2871|00000c98-000007c8|KERNEL|LOG|<====FM_GetProvParam
    2017-02-04|09:25:31:0660|2535|00000c98-000007c8|KERNEL|LOG|====>FM_GetProvParam

    hProv=07f25790, dwParam=00000006, pbData=00000000, pcbDataLen=04ca9dfc,

    *pcbDataLen=04ca9e1c, dwFlags=00000000
    2017-02-04|09:25:31:0660|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0660|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0660|2614|00000c98-000007c8|KERNEL|LOG|PP_CONTAINER PP_UNIQUE_CONTAINER
    2017-02-04|09:25:31:0660|2871|00000c98-000007c8|KERNEL|LOG|<====FM_GetProvParam
    2017-02-04|09:25:31:0660|2535|00000c98-000007c8|KERNEL|LOG|====>FM_GetProvParam

    hProv=07f25790, dwParam=00000006, pbData=07a4ce68, pcbDataLen=04ca9dfc,

    *pcbDataLen=00000028, dwFlags=00000000
    2017-02-04|09:25:31:0660|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0660|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0660|2614|00000c98-000007c8|KERNEL|LOG|PP_CONTAINER PP_UNIQUE_CONTAINER
    2017-02-04|09:25:31:0660|2632|00000c98-000007c8|KERNEL|LOG|pcbDataLen=0x00000028
    2017-02-04|09:25:31:0660|2633|00000c98-000007c8|KERNEL|LOG|pbData:
    6c 65 2d 37 34 39 39 66 66 35 38 2d 65 38 38 33
    2d 34 61 65 36 2d 39 30 38 30 2d 32 36 32 38 30
    63 39 63 32 34 38 37 00
    2017-02-04|09:25:31:0660|2871|00000c98-000007c8|KERNEL|LOG|<====FM_GetProvParam
    2017-02-04|09:25:31:0660|2535|00000c98-000007c8|KERNEL|LOG|====>FM_GetProvParam

    hProv=07f25790, dwParam=00000024, pbData=00000000, pcbDataLen=04ca9dfc,

    *pcbDataLen=04ca9e18, dwFlags=00000000
    2017-02-04|09:25:31:0660|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0660|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0660|2614|00000c98-000007c8|KERNEL|LOG|PP_CONTAINER PP_UNIQUE_CONTAINER
    2017-02-04|09:25:31:0660|2871|00000c98-000007c8|KERNEL|LOG|<====FM_GetProvParam
    2017-02-04|09:25:31:0660|2535|00000c98-000007c8|KERNEL|LOG|====>FM_GetProvParam

    hProv=07f25790, dwParam=00000024, pbData=07a4ce68, pcbDataLen=04ca9dfc,

    *pcbDataLen=00000028, dwFlags=00000000
    2017-02-04|09:25:31:0660|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0660|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0660|2614|00000c98-000007c8|KERNEL|LOG|PP_CONTAINER PP_UNIQUE_CONTAINER
    2017-02-04|09:25:31:0660|2632|00000c98-000007c8|KERNEL|LOG|pcbDataLen=0x00000028
    2017-02-04|09:25:31:0675|2633|00000c98-000007c8|KERNEL|LOG|pbData:
    6c 65 2d 37 34 39 39 66 66 35 38 2d 65 38 38 33
    2d 34 61 65 36 2d 39 30 38 30 2d 32 36 32 38 30
    63 39 63 32 34 38 37 00
    2017-02-04|09:25:31:0675|2871|00000c98-000007c8|KERNEL|LOG|<====FM_GetProvParam
    2017-02-04|09:25:31:0675|0350|00000c98-000007c8|KERNEL|LOG|====>FM_AcquireContext v2.3.0.2

    phProv=04ca9d1c, szContainer=00000000->(null), dwFlags=f0000040, pVTable=04ca9ce4
    44 ad 35 04 53 60 bc d4 f4 8c 4d 1b 71 5f 37 7d
    2017-02-04|09:25:31:0675|0406|00000c98-

    000007c8|KERNEL|LOG|szTempContainerName=FMDefaultContainer
    2017-02-04|09:25:31:0675|0281|00000c98-000007c8|KERNEL|LOG|====>FCSP_CreateContext
    2017-02-04|09:25:31:0675|0544|00000c98-000007c8|KERNEL|LOG|====>FCSP_GetContext
    2017-02-04|09:25:31:0675|0561|00000c98-000007c8|KERNEL|LOG|<====FCSP_GetContext
    2017-02-04|09:25:31:0675|0291|00000c98-000007c8|KERNEL|LOG|Create Context From Key
    2017-02-04|09:25:31:0675|0060|00000c98-000007c8|KERNEL|LOG|====>FCSP_FindContainerFromKey

    lpszContainerName=FMDefaultContainer
    2017-02-04|09:25:31:0675|0315|00000c98-000007c8|KERNEL|LOG|Container Not Founded From Device
    2017-02-04|09:25:31:0675|0325|00000c98-000007c8|KERNEL|LOG|pProvCtx->hProv = 00000000
    2017-02-04|09:25:31:0675|0379|00000c98-000007c8|KERNEL|LOG|<====FCSP_CreateContext
    2017-02-04|09:25:31:0675|0430|00000c98-000007c8|KERNEL|LOG|<====FM_AcquireContext
    2017-02-04|09:25:31:0675|2535|00000c98-000007c8|KERNEL|LOG|====>FM_GetProvParam

    hProv=07f27c58, dwParam=00000006, pbData=00000000, pcbDataLen=04ca9dfc,

    *pcbDataLen=04ca9e14, dwFlags=00000000
    2017-02-04|09:25:31:0675|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0675|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0675|2614|00000c98-000007c8|KERNEL|LOG|PP_CONTAINER PP_UNIQUE_CONTAINER
    2017-02-04|09:25:31:0675|2871|00000c98-000007c8|KERNEL|LOG|<====FM_GetProvParam
    2017-02-04|09:25:31:0675|2535|00000c98-000007c8|KERNEL|LOG|====>FM_GetProvParam

    hProv=07f27c58, dwParam=00000006, pbData=07a433e8, pcbDataLen=04ca9dfc,

    *pcbDataLen=00000013, dwFlags=00000000
    2017-02-04|09:25:31:0675|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0675|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0675|2614|00000c98-000007c8|KERNEL|LOG|PP_CONTAINER PP_UNIQUE_CONTAINER
    2017-02-04|09:25:31:0675|2632|00000c98-000007c8|KERNEL|LOG|pcbDataLen=0x00000013
    2017-02-04|09:25:31:0675|2633|00000c98-000007c8|KERNEL|LOG|pbData:
    46 4d 44 65 66 61 75 6c 74 43 6f 6e 74 61 69 6e
    65 72 00
    2017-02-04|09:25:31:0675|2871|00000c98-000007c8|KERNEL|LOG|<====FM_GetProvParam
    2017-02-04|09:25:31:0675|0457|00000c98-000007c8|KERNEL|LOG|====>FM_ReleaseContext

    hProv=07f27c58, dwFlags=00000000
    2017-02-04|09:25:31:0675|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0675|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0675|0394|00000c98-000007c8|KERNEL|LOG|====>FCSP_CloseContext
    2017-02-04|09:25:31:0675|0466|00000c98-000007c8|KERNEL|LOG|<====FCSP_CloseContext
    2017-02-04|09:25:31:0675|0486|00000c98-000007c8|KERNEL|LOG|<====FM_ReleaseContext
    2017-02-04|09:25:31:0675|2535|00000c98-000007c8|KERNEL|LOG|====>FM_GetProvParam

    hProv=07f25790, dwParam=00000008, pbData=00000000, pcbDataLen=04ca9e10,

    *pcbDataLen=00000000, dwFlags=00000004
    2017-02-04|09:25:31:0675|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0675|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0675|2752|00000c98-000007c8|KERNEL|LOG|PP_KEYSET_SEC_DESCR
    2017-02-04|09:25:31:0675|2757|00000c98-000007c8|KERNEL|LOG|pbData  is null,*pcbDataLen=20
    2017-02-04|09:25:31:0675|2871|00000c98-000007c8|KERNEL|LOG|<====FM_GetProvParam
    2017-02-04|09:25:31:0675|2535|00000c98-000007c8|KERNEL|LOG|====>FM_GetProvParam

    hProv=07f25790, dwParam=00000008, pbData=07a433e8, pcbDataLen=04ca9e10,

    *pcbDataLen=00000014, dwFlags=00000004
    2017-02-04|09:25:31:0675|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0675|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0675|2752|00000c98-000007c8|KERNEL|LOG|PP_KEYSET_SEC_DESCR
    2017-02-04|09:25:31:0675|2769|00000c98-000007c8|KERNEL|LOG|pbData:
    01 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00
    2017-02-04|09:25:31:0675|1683|00000c98-000007c8|KERNEL|LOG|====>FM_DestroyKey

    hProv=07f25790, hKey=07f276e0
    2017-02-04|09:25:31:0675|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0675|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0675|0041|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckKey
    2017-02-04|09:25:31:0675|0081|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckKey
    2017-02-04|09:25:31:0675|1758|00000c98-000007c8|KERNEL|LOG|<====FM_DestroyKey
    2017-02-04|09:25:31:0675|0457|00000c98-000007c8|KERNEL|LOG|====>FM_ReleaseContext

    hProv=07f25790, dwFlags=00000000
    2017-02-04|09:25:31:0691|0574|00000c98-000007c8|KERNEL|LOG|====>FCSP_CheckContext
    2017-02-04|09:25:31:0691|0587|00000c98-000007c8|KERNEL|LOG|<====FCSP_CheckContext
    2017-02-04|09:25:31:0691|0394|00000c98-000007c8|KERNEL|LOG|====>FCSP_CloseContext
    2017-02-04|09:25:31:0691|0466|00000c98-000007c8|KERNEL|LOG|<====FCSP_CloseContext
    2017-02-04|09:25:31:0691|0486|00000c98-000007c8|KERNEL|LOG|<====FM_ReleaseContext
    2017-02-04|09:25:31:0691|0350|00000c98-000007c8|KERNEL|LOG|====>FM_AcquireContext v2.3.0.2

    phProv=04ca9d38, szContainer=07A4CEC8->le-7499ff58-e883-4ae6-9080-26280c9c2487,

    dwFlags=00000010, pVTable=04ca9d00
    75 77 ef fa b2 74 1b 4f 6d 4f a2 b0 a4 e1 89 65
    2017-02-04|09:25:31:0691|0406|00000c98-000007c8|KERNEL|LOG|szTempContainerName=le-7499ff58-

    e883-4ae6-9080-26280c9c2487
    2017-02-04|09:25:31:0691|0480|00000c98-000007c8|KERNEL|LOG|====>FCSP_DeleteContext
    2017-02-04|09:25:31:0691|0544|00000c98-000007c8|KERNEL|LOG|====>FCSP_GetContext
    2017-02-04|09:25:31:0691|0561|00000c98-000007c8|KERNEL|LOG|<====FCSP_GetContext
    2017-02-04|09:25:31:0691|0531|00000c98-000007c8|KERNEL|LOG|<====FCSP_DeleteContext
    2017-02-04|09:25:31:0691|0430|00000c98-000007c8|KERNEL|LOG|<====FM_AcquireContext

    and the error code on the web page is 0x80004001, Can you give me any advice?

    Thanks!

    Saturday, February 4, 2017 2:53 AM