Symptoms

Executing FedUtil.exe from the Windows Identity Foundation (WIF) SDK fails on a Windows Server 2003 system with the following error dialog:

"Object Identifier (OID) is unknown."

Cause


FedUtil.exe and WIF utilize SHA256, and Windows Server 2003 does not natively support it.

Resolution

Install the following fix and reboot:

Windows Server 2003 and Windows XP clients cannot obtain certificates from a Windows Server 2008-based certification authority (CA) if the CA is configured to use SHA2 256 or higher encryption - http://support.microsoft.com/kb/968730

 

More Information


This issue does not exist in Windows Server 2008 and later.
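
The following check is an added example, not part of the original article or of the WIF SDK. It reports whether the system can resolve the SHA-256 object identifier and whether the fix from the Resolution section is listed as installed. The function names are hypothetical, and the script assumes PowerShell 2.0 or later, that the fix is registered under the ID KB968730, and that the FedUtil.exe error corresponds to a failed lookup of OID 2.16.840.1.101.3.4.2.1.

```powershell
# Added example: pre-flight check for the FedUtil.exe "OID is unknown" failure.
# Assumptions: PowerShell 2.0+, and the fix is listed under the ID KB968730.
$sha256Oid = '2.16.840.1.101.3.4.2.1'   # SHA-256 object identifier
$hotfixId  = 'KB968730'                 # fix named in the Resolution section

function Test-Sha256OidKnown {
    # .NET asks CryptoAPI to resolve the OID; FriendlyName stays empty
    # when the platform has no registration for it.
    $oid = New-Object System.Security.Cryptography.Oid $sha256Oid
    return -not [string]::IsNullOrEmpty($oid.FriendlyName)
}

function Test-HotfixInstalled {
    # Win32_QuickFixEngineering lists installed updates by HotFixID.
    $qfe = Get-WmiObject -Class Win32_QuickFixEngineering |
        Where-Object { $_.HotFixID -eq $hotfixId }
    return [bool]$qfe
}

function Get-FedUtilReadiness {
    $os        = Get-WmiObject -Class Win32_OperatingSystem
    $version   = [version]$os.Version
    $isPre2008 = $version.Major -lt 6      # Windows Server 2008 is version 6.0
    $oidKnown  = Test-Sha256OidKnown
    $hotfix    = Test-HotfixInstalled

    if (-not $isPre2008) {
        $verdict = 'Not affected (Windows Server 2008 or later).'
    } elseif ($oidKnown) {
        $verdict = 'SHA-256 OID resolves; FedUtil.exe should get past this error.'
    } elseif ($hotfix) {
        $verdict = 'Fix is listed but the OID does not resolve; reboot and re-check.'
    } else {
        $verdict = "SHA-256 OID is unknown; install $hotfixId and reboot."
    }

    New-Object PSObject -Property @{
        OSVersion       = $os.Version
        Sha256OidKnown  = $oidKnown
        HotfixInstalled = $hotfix
        Verdict         = $verdict
    }
}

Get-FedUtilReadiness | Format-List
```

Run it once before installing the fix and again after the reboot; Sha256OidKnown should change from False to True.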