locked
WebDav fails with client certficates on Windows 7 RRS feed

  • Question

  • I have a SharePoint 2007 site on Windows Server 2003 R2 that is set up to require SSL/HTTPS and client certificates on the IIs Web App.
    Opening Document Libraries in Windows Explorer works fine from Windows XP IE6 clients. However, from Windows 7 (64bit) IE8 I get this generic, well known, error:
    Your client does not support opening this list with Windows Explorer.

    Turning off the client certificiate requirement (but still requiring SSL/HTTP) makes it work, so it's not really related to SSL/HTTPS nor is it something fundamental missing in regards of WebDav support. However, I do need client certificates.

    Any ideas?


    My blog: InsomniacGeek.com
    • Moved by Mike Walsh FIN Thursday, April 28, 2011 1:21 PM admin q not general (From:SharePoint - General Question and Answers and Discussion (pre-SharePoint 2010))
    Thursday, April 28, 2011 12:01 PM

Answers

  • The problem is now identified as related to the Schannel Secure Channel security package in an enterprise scenario with more than one smart card.

    Whenever two smart cards (or two certificate providers) are used, the Schannel fails with the following error:

    A fatal error occurred when attempting to access the SSL client credential private key.
    The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10003.
     

    And that results in the generic error on the client side.

    Regards,

    Magnus


    My blog: InsomniacGeek.com
    Monday, May 2, 2011 12:34 PM

All replies

  • Sometimes IE8 needs to add your site in trusted zone to enable ActiveX and scripts to run correctly, if it does not run then Sharepoint libraries are not allowed to be opend as it is using activex control internally.

    so just try to add your site in trusted sites and let us know.


    Regards, Vikas Patel

    Decos Software Development Pvt. Ltd. (An ISO 9001:2008 Company)
    www.decos.in | www.decos.com
    Thursday, April 28, 2011 1:50 PM
  • Hi Magnus,

    Unsigned certificate is not accepted in Win 7. Please try to fill out the form in http://localhost/certsrv > Request a Certificate > Advance certificate > Create and submit a request to this CA, then try again.

    I suggest you give a new thread to windows 7 forum, so that more solutions could be provided.

    Best regards,
    Emir

    Monday, May 2, 2011 11:00 AM
  • The problem is now identified as related to the Schannel Secure Channel security package in an enterprise scenario with more than one smart card.

    Whenever two smart cards (or two certificate providers) are used, the Schannel fails with the following error:

    A fatal error occurred when attempting to access the SSL client credential private key.
    The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10003.
     

    And that results in the generic error on the client side.

    Regards,

    Magnus


    My blog: InsomniacGeek.com
    Monday, May 2, 2011 12:34 PM
  • Sometimes IE8 needs to add your site in trusted zone to enable ActiveX and scripts to run correctly,
    Thanks, but as I mentioned in the question, it works fine without client certificate requirement and thus is not a zone related issue. (See my reply for the cuase)
    My blog: InsomniacGeek.com
    • Edited by Mike Walsh FIN Monday, May 2, 2011 12:59 PM do not waste screen space via the use of full quote
    Monday, May 2, 2011 12:36 PM
  • Unsigned certificate is not accepted in Win 7. Please try to fill out the


    Thanks, but there is no unsigned certificates involved in this scenario. (See my reply for the cause of the problem)

    /M 

     


    My blog: InsomniacGeek.com
    • Edited by Mike Walsh FIN Monday, May 2, 2011 12:59 PM do not waste screen space via the use of full quote
    Monday, May 2, 2011 12:45 PM