Retire old smart cards on FIM CM 2010 R2 - Invalid Algorithm Specified 0x80090008 RRS feed

  • Question

  • hi guys,

    consider these structures:  

    old structure: FIM 2010 RTM on Server 2008 + Issuing CA on Server 2003 (SHA1)

    new structure: FIM 2010 R2 on Server 2012 R2 + Issuing CA on Server 2012 R2 (SHA2)

    on the new structure I kept the existing DB, recreated the three agents certificates (used same users), appended and replaced on the web.config and completed the required permissions.

    everything on new structure works as expected including new smart card issuance and retire.

    the problem I'm facing is with all the smart cards issued on the old structure when I'm trying to retire I get error: Invalid Algorithm Specified0x80090008

    any thoughts?

    Also, I plan that all those "old" smart cards users will renew their certificates through self-service based on the same Profile Template with the new SHA2 SC Certificate Template. is that achievable?

    thanks in advance!


    Sunday, February 12, 2017 2:51 PM