A service that is running in the Microsoft Windows operating system context cannot make a Secure Sockets Layer (SSL) connection by using Microsoft Secure Channel (SChannel) authentication with a default client certificate. For example, this scenario may occur when you are configuring a Microsoft Exchange Server Simple Mail Transfer Protocol (SMTP) connector to use the Transport Layer Security (TLS) protocol.
This problem occurs because SChannel looks for the default client certificate in the following registry subkey:
However, the default client certificate is stored in the following registry subkey:
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix. Note
If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note
The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
No prerequisites are required.
You must restart your computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone
tab in the Date and Time tool in Control Panel.
Date Time Version Size File name
24-Mar-2004 02:17 5.0.2195.6876 388,368 Advapi32.dll
24-Mar-2004 02:17 5.0.2195.6866 69,904 Browser.dll
24-Mar-2004 02:17 5.0.2195.6824 134,928 Dnsapi.dll
24-Mar-2004 02:17 5.0.2195.6876 92,432 Dnsrslvr.dll
24-Mar-2004 02:17 5.0.2195.6883 47,888 Eventlog.dll
24-Mar-2004 02:17 5.0.2195.6890 143,632 Kdcsvc.dll
11-Mar-2004 02:37 5.0.2195.6903 210,192 Kerberos.dll
21-Sep-2003 00:32 5.0.2195.6824 71,888 Ksecdd.sys
11-Mar-2004 02:37 5.0.2195.6902 520,976 Lsasrv.dll
25-Feb-2004 23:59 5.0.2195.6902 33,552 Lsass.exe
11-Mar-2004 02:37 5.0.2195.6897 123,152 Msv1_0.dll
24-Mar-2004 02:17 5.0.2195.6897 312,592 Netapi32.dll
24-Mar-2004 02:17 5.0.2195.6891 371,472 Netlogon.dll
24-Mar-2004 02:17 5.0.2195.6896 1,028,880 Ntdsa.dll
24-Mar-2004 02:17 5.0.2195.6897 388,368 Samsrv.dll
24-Mar-2004 02:17 5.0.2195.6893 111,376 Scecli.dll
24-Mar-2004 02:17 5.0.2195.6903 253,200 Scesrv.dll
19-Apr-2004 23:20 5.1.2195.6920 147,216 Schannel.dll
05-Feb-2004 20:18 5.0.2195.6896 5,869,056 Sp3res.dll
24-Mar-2004 02:17 5.0.2195.6824 50,960 W32time.dll
21-Sep-2003 00:32 5.0.2195.6824 57,104 W32tm.exe
If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To work around this problem, move the SystemCertificates subkey from the HKEY_LOCAL_MACHINES subtree to the HKEY_USERS subtree. To do this, follow these steps:
- Click Start, and then click Run.
In the Open box, type regedit, and then click OK.
Locate and then click the following subkey:
On the registry File menu, click Export Registry File....
In the Save in box, select a location to save the .reg file, type Certificates.reg in the File name box, and then click Save.
Minimize Registry Editor.
Open the Certificates.reg file in Notepad.
Replace every occurrence of "HKEY_LOCAL_MACHINE" with "HKEY_USERS\.DEFAULT."
Save the file and quit Notepad.
Maximize Registry Editor.
On the registry File menu, click Import Registry File....
Select the Certificates.reg file that you saved, and then click Open.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
New file naming schema for Microsoft Windows software update packages
Description of the standard terminology that is used to describe Microsoft software updates