Windows Server 2003 certificates issue

On a Windows Server 2003-based (or Windows XP-based) computer, you cannot obtain certificates from a Windows Server 2008-based certification authority (CA). This issue occurs if the CA is configured to use SHA2 256 encryption or higher encryption (SHA2 384 or SHA2 512).

In this case, you receive the following event for the certificate auto-enrollment operation:

Event Type: Error
Event Source:     AutoEnrollment
Event Category:   None
Event ID:   13
Description: Automatic certificate enrollment for local system failed to enroll for one Computer2008 certificate (0x80092009). Cannot find the requested object.

When you manually request a certificate by using the Certificates Microsoft Management Console (MMC), you receive the following error message:

The certificate cannot be installed because of one or more of the following conditions:

  • There is a problem with your cryptographic hardware
  • The cryptographic service provider (CSP) that created the request is malfunctioning.

The error was: Cannot find the requested object.

 

Resolving the Windows Server 2003 certificates issue

To resolve this issue, please refer to the Microsoft Support website at https://support.microsoft.com/en-us/kb/968730 where a full description and resolution may be found.