000019888 - Keon: How to install KCA 6.0.2 after Microsoft Xenroll.dll patch has been installed

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019888
Applies ToKeon Certificate Authority 6.0.2
Microsoft Windows 2000
Microsoft Windows NT 4.0
Microsoft Internet Explorer
IssueKeon: How to install KCA 6.0.2 after Microsoft Xenroll.dll patch has been installed
KCA 6.0.2 builds older than build 111 (i.e. 105 and 107) fail to install if the Microsoft Xenroll.dll patch has already been installed
During the browser-part of the KCA installation, Internet Explorer displays the following messages in a single dialog box when the Root Certificate is about to be created:
"VBScript: Certificate request"
"No certificate request was made"
"If you don't know what caused this, please contact support@rsasecurity.com. Please indicate the version of the Microsoft Internet Explorer browser you are using and the information you've entered."
CauseMicrosoft released a security fix for an ActiveX control that is known as the Certificate Enrollment control (Xenroll.dll). This new version of the control impacts the certificate enrollment process through Internet Explorer. The Microsoft document for this security fix is Q323172, available from http://support.microsoft.com.
ResolutionThere are three alternatives to continue the installation of KCA:

A. Install Keon Certificate Authority 6.0.2 build 111 or later
-----------------------------------------------------------------------------------------
You may remove the failed installation by going to Start -> Settings -> Control Panel -> Add/Remove Programs and uninstalling the following components:
- RSA Keon CA Install Directory Server
- RSA Keon CA Install Web Server
Afterwards, you can install the latest build of Keon Certificate Authority 6.0.2. Contact RSA Security Technical Support to get the latest full KCA release.

B. Uninstall the Microsoft Xenroll.dll patch
-----------------------------------------------------------------------------------------
NOTE: This is a temporary solution. Please upgrade to Keon Certificate Authority 6.0.2 build 111 or later as soon as possible and reinstall the Microsoft Security fix.

1. Go to Start -> Settings -> Control Panel -> Add/Remove Programs and uninstall the following component: "Windows 2000 Hotfix (Pre-SP4) [See q323172 for more information]"
2. Restart the computer
3. On Windows NT go to Start -> Settings -> Control Panel -> Services
        --OR--
   On Windows 2000 go to Start -> Settings -> Control Panel -> Administrative Tools -> Services and start the following services:
        - RSA Keon CA Install Directory Server
        - RSA Keon CA Install Web Server
4. Start Internet Explorer and connect again to the URL (i.e. http://KCAserver.domain.com:randomly assigned port) that was being used for the Web-based part of the installation

C. Use Netscape Communicator for the Web browser part of the installation
-----------------------------------------------------------------------------------------
If you already got the error in IE, you can safely restart the Web-based part of the installation using Netscape Communicator 4.7X (connect to the same URL you were connected to for the Web-based part of the installation)
Legacy Article IDa13184

Attachments

    Outcomes