I am attempting to install a certificate in Win2k Pro .  When I
attempt to install the generated certificate I get the following error
message:

Unable to install the certificate
Please verify that your CSP supports any settings you 
have made and that your input is valid
Error: 0x80090016

I have searched the error codes but none of that advice 
helps.  Any advice 
would be greatly appreciated.

Thanks,
Marty

---

Clarification of Question by martyc2-ga on 12 Mar 2003 07:53 PST

Here is some more info:

I have installed a Stand-alone CA, in a test lab, on a test domain
(server runs Win2k Server 2000, SP3 (all relevant patches).  I used it
to issue certificates on several systems running Win2k Pro SP2.  It
worked fine.  I was able to successfully connect to my RRAS server via
VPN using L2TP/IPSEC.  When I upgraded the clients systems to SP3 I
had no problem.
I then tried to connect to the test CA server from a Win2k Pro client
running SP3.  This time I tried from a client outside the the lab. 
The PC is in our enterprise domain, and subject to all the policies,
etc.
When I try to install the certificate I get the CSP error previously
described.  If I checked the Local Computer machine store, the
certificate shows up, but I am unable to connect to the RRAS server. 
I get a 786 error "no valid certificate error".
I have successfully connected to the test CA, issued certs, and used
them to connect via VPN (L2TP/IPSEC) on several systems running SP2
(on the test domain, as well as the production domain).
The problem appears to be on production domain systems running SP3
(all others can connect).

---

Clarification of Question by martyc2-ga on 12 Mar 2003 07:57 PST

I have spent several hours on the Microsft KB.  I did searches for the
error codes, especially 0x80090016.  I have read dozens of articles
and tried all that seemed possible, including Q319392.  I have
uninstalled, re-installed, stopped and restarted IPSEC Service and
RRAS in various orders, etc....I have also read for a couple of hours
on Google Groups, searching for similar issues...I found several
questions just like mine...all with no threads or answers.

---

Clarification of Question by martyc2-ga on 12 Mar 2003 09:25 PST

More info:

With further testing I have now successfully connected wia L2TP/IPSEC
on a SP2 system....then installed SP3 and was still able to connect.
If I remove the cert and try to request a new one, I cannot install it
(same 0x80090016 error).
The problem seem sto be only on systems on our domain running
SP3....they cannot successfully install the certificate.  I am
exploring security policy issues.

Have you looked/tried:

http://support.microsoft.com/default.aspx?scid=kb;en-us;319392

It would help researchers if you would outline what Microsoft
Knowledge Base articles, etc. you have looked/tried.

Is anythinge being generated in the event log that coincides with these failures?

Nothing in the Event Viewers of either the CA or client.

Found this in google cache

://www.google.ca/search?q=cache:DhgCDesNc7oC:cert.uni-stuttgart.de/archive/usenet/microsoft.public.windowsxp.security_admin/2003/02/msg00236.html+%22Please+verify+that+your+CSP+supports+any+settings+you+%22&hl=en&ie=UTF-8

Hope it helps :)