Executing FedUtil.exe from the Windows Identity Foundation (WIF) SDK fails on a Windows Server 2003 system with the following error dialog:

"Object Identifier (OID) is unknown."


FedUtil.exe and WIF utilize SHA256, and Windows Server 2003 does not natively support it.


Install the following fix and reboot:

Windows Server 2003 and Windows XP clients cannot obtain certificates from a Windows Server 2008-based certification authority (CA) if the CA is configured to use SHA2 256 or higher encryption
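One way to confirm the cause before applying the fix, and the result after the reboot, is the following PowerShell check. It is an added example, not part of the original article or the WIF SDK. It asks the local CryptoAPI, through the .NET `Oid` class, whether it can name the SHA-2 OIDs, and lists certificates in a store that are signed with them. The function names, the default store path, and the reading that an empty `FriendlyName` means the OID is not registered on the host are assumptions.

```powershell
# Added example (assumption-based diagnostic, PowerShell 2.0 compatible).
# Standard OID assignments for the SHA-2 digests and their RSA signature forms.
$Sha2Oids = @(
    '2.16.840.1.101.3.4.2.1',   # sha256 digest
    '2.16.840.1.101.3.4.2.2',   # sha384 digest
    '2.16.840.1.101.3.4.2.3',   # sha512 digest
    '1.2.840.113549.1.1.11',    # sha256WithRSAEncryption
    '1.2.840.113549.1.1.12',    # sha384WithRSAEncryption
    '1.2.840.113549.1.1.13'     # sha512WithRSAEncryption
)

function Test-OidRegistered {
    # Hypothetical helper: true when the host can map the OID to a name.
    param([string]$Value)
    $oid = New-Object System.Security.Cryptography.Oid -ArgumentList $Value
    # Assumption: FriendlyName is empty when CryptoAPI has no entry for the OID.
    -not [string]::IsNullOrEmpty($oid.FriendlyName)
}

function Get-Sha2Readiness {
    # Hypothetical helper: one row per SHA-2 OID, then one row per certificate
    # in the store whose signature algorithm is one of those OIDs.
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    foreach ($value in $Sha2Oids) {
        New-Object PSObject -Property @{
            Kind       = 'OID'
            Item       = $value
            Registered = (Test-OidRegistered -Value $value)
        }
    }

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $alg = $cert.SignatureAlgorithm.Value
        if ($Sha2Oids -contains $alg) {
            New-Object PSObject -Property @{
                Kind       = 'Certificate'
                Item       = ('{0} ({1})' -f $cert.Thumbprint, $alg)
                Registered = (Test-OidRegistered -Value $alg)
            }
        }
    }
}

Get-Sha2Readiness | Format-Table Kind, Item, Registered -AutoSize
```

Rows with `Registered` set to `False` point at algorithms the host cannot resolve; after the fix and reboot, every row should report `True`.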


More Information

This issue does not exist in Windows Server 2008 and later.