none
Remote Certificate Management RRS feed

  • Question

  • Any time I try to open the certificates mmc and connect to a Windows XP machine and try to delete a certificate, I get a pop-up error message that says:

    The certificate could not be deleted from \\<COMPUTER>\Personal.  The procedure number is out of range.


    The weird thing is, if I connect to the same machine from a Windows XP or Windows 2003 box, I can delete certificates.  Whats the problem here?

     

    Thanks in advance.

    Thursday, April 8, 2010 1:44 PM

Answers

  • Hi Novak,

    Turning off the firewall did not cause items to show in the Personal store.

    Tim, I went to add a certificate to another store, in which I can see entries, and it never showed up in the MMC session, leading me to think that perhaps it is not looking in the proper place at all (e.g., using the the wrong user or something).  Notably I'm not seeing any username/password prompt.  I do have the same username and password defined for both systems, but what if I didn't?

    I'm hesitant, without understanding just what I'm looking at, to delete any certificates that are already there.

    -Noel

    • Marked as answer by Novak Wu Monday, April 19, 2010 6:28 AM
    Thursday, April 15, 2010 2:55 AM

All replies

  • I am unfamiliar with the "certificates mmc" you describe but would like to learn about it...  Do you mean certmgr.msc?  Can you please describe how you're starting it so that it connects to the remote computer?  In return I'll try what you're describing here and let you know whether I see the same issue.

    Thanks.

    -Noel

    Thursday, April 8, 2010 6:25 PM
  • Start -> Run -> MMC

    File -> Add/Remove Snap-In

    Select Certificates on the left and click Add

    Select Computer account and click Next

    Select Another computer, enter the remote computer name

    Click Finish

    Click OK

    You can now expand and navigate through the remote computer's certificate store.  When I was running Windows XP, I had the ability to delete/export/etc. these certificates as if I was sitting at the machine.  I can't delete these now that I'm running Windows 7 Enterprise 32-bit.

    Thursday, April 8, 2010 8:11 PM
  • Thanks for the info, Tim.  Using the process you described I was able to get a view of the certificates on one of my XP Pro 32 bit virtual machines from my host Windows 7 x64 system.  That's a neat trick; thanks for that.

    However...

    To reproduce your issue I had intended to try to delete an old copy of my code signing certificate from the Personal store.  Unfortunately, it would not show me ANYTHING in the \\ComputerName\Personal store at all, even though on the VM console I can see two certificates in there.  Interestingly, the other stores do show certificates in them.  Find Certificates would not turn them up either.  There is definitely a disconnect here; it smells like a bona fide bug.

    Interestingly, at no point was I prompted for username or password.  I have the same username/password is valid (and Administrator) on both host and VM, so it conceivably could have just used the current credentials.

    A check of the error logs on both machines turned up nothing related.

    One other thing:  An attempt to Import a certificate from the remote interface netted an unexpected pop-up:  "Certificate Import Wizard", "Importing a .pfx or .p12 file to a remote certificate store is not supported."

    -Noel

    Thursday, April 8, 2010 11:05 PM
  • More info:  The contents of the Personal store cannot be seen using this method even when connecting from the very same (XP) computer, but the Certificates subheading CAN be seen when the snap-in is added for the Current User.  You're actually seeing a Certificates subheading under Personal?  Am I missing setting something up properly?

    -Noel

     

    Thursday, April 8, 2010 11:35 PM
  • See that's strange because I can see certificates in the store - including \\<ComputerName>\Personal - I just can't delete them.  Can you delete any certs out of any of the other stores?
    Monday, April 12, 2010 12:47 PM
  • Hi,

     

    This issue can occur by incorrect permission or firewall. Here are some suggestions you can try:

     

    1. Temporarily disable firewall on each machine.

    2. Assure the user has enough permission to modify the certificates on the Remote machine. Try to create another admin user account for a test.

     

    If the issue persists, please help to capture the error message andupload itfor research.

     

    Thanks,

    Novak

    Thursday, April 15, 2010 2:00 AM
  • Hi Novak,

    Turning off the firewall did not cause items to show in the Personal store.

    Tim, I went to add a certificate to another store, in which I can see entries, and it never showed up in the MMC session, leading me to think that perhaps it is not looking in the proper place at all (e.g., using the the wrong user or something).  Notably I'm not seeing any username/password prompt.  I do have the same username and password defined for both systems, but what if I didn't?

    I'm hesitant, without understanding just what I'm looking at, to delete any certificates that are already there.

    -Noel

    • Marked as answer by Novak Wu Monday, April 19, 2010 6:28 AM
    Thursday, April 15, 2010 2:55 AM
  • Hi,

     

    This issue can occur by incorrect permission or firewall. Here are some suggestions you can try:

     

    1. Temporarily disable firewall on each machine.

    2. Assure the user has enough permission to modify the certificates on the Remote machine. Try to create another admin user account for a test.

     

    If the issue persists, please help to capture the error message andupload itfor research.

     

    Thanks,

    Novak

    The firewall is disabled and I am testing this with a domain admin account.  I'll check out the upload because I think I've checked all the basics...
    Thursday, April 15, 2010 1:59 PM
  • OK. Please upload the error message for further research.

     

    Regards,

    Novak

     

    Friday, April 16, 2010 3:42 AM
  • In order to access a remote computer certificate store you need to enable Remote Registry Service in services.msc on the workstation you want to access.

    In my case I enabled a temp group policy on workstations until I cleaned up the certificates I did not want users to have.

    Hope this helps.

    • Proposed as answer by Rudi Degrande Thursday, March 23, 2017 10:13 AM
    Monday, March 6, 2017 4:57 PM