Windows 7 amd64 running iexplore.exe 32 bits executes incorrect CertEnrollCtrl.exe 64 bits.
A consecuence of this error is that CertEnrollCtrl.exe quering for HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\MyCSP instead of HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\MyCSP.
Probably, caused by this, its im getting a NTE_PROV_TYPE_NOT_DEF when executing CreateRequest.
A similar issue seen: http://social.technet.microsoft.com/Forums/en-US/whatforum/thread/b9576a7e-3c85-4d7a-b7a8-cd7b522c2959#b9576a7e-3c85-4d7a-b7a8-cd7b522c2959
var x509 = new ActiveXObject("X509Enrollment.CX509EnrollmentWebClassFactory");var enroll = x509.CreateObject("X509Enrollment.CX509Enrollment");var priKey = x509.CreateObject("X509Enrollment.CX509PrivateKey");var request = x509.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");var XCN_NCRYPT_UI_NO_PROTECTION_FLAG = 0;var XCN_NCRYPT_ALLOW_EXPORT_FLAG = 1; priKey.KeyProtection = XCN_NCRYPT_UI_NO_PROTECTION_FLAG; priKey.ExportPolicy = XCN_NCRYPT_ALLOW_EXPORT_FLAG;var ContextUser = 1; request.InitializeFromPrivateKey(ContextUser, priKey,""); enroll.InitializeFromRequest(request); priKey.ProviderName = "MyCSP";var XCN_PROV_RSA_FULL = 1; priKey.ProviderType=XCN_PROV_RSA_FULL; enroll.CreateRequest(); //An error is aised with number 2146893801 = NTE_PROV_TYPE_NOT_DEF
Any ideas how could i solve it?
Any ideas how to report it to Microsoft, if confirmed as a bug?
EDIT:
I have been looking in the registry for some possible errors and noticed the following:
[HKEY_CLASSES_ROOT\TypeLib\{728ab348-217d-11da-b2a4-000e7bbb2b09}\1.0\0\win32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728ab348-217d-11da-b2a4-000e7bbb2b09}\1.0\0\win32]
set to "%systemroot%\system32\CertEnroll.dll"
[HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{728ab348-217d-11da-b2a4-000e7bbb2b09}\1.0\0\win32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728ab348-217d-11da-b2a4-000e7bbb2b09}\1.0\0\win32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{728ab348-217d-11da-b2a4-000e7bbb2b09}\1.0\0\win32]
set to "%systemroot%\system32\CertEnroll.dll"
Shouldn't these keys be "%systemroot%\SysWOW64\CertEnroll.dll" or something similar?
(There are different binaries for 32 and 64 on that folders)
I have also noticed some other TypeLib have win64 instead of win32, but i think thats another story...
EDIT2:
Problem confirmed, pending bug confirmation and patch...
Our CSP is compiled for 32 bits only (So, we dont have a dll on system32)
Launch iexplore.exe(32bits) -> create activeX object -> CertEnrollCtrl.exe (64bits) is executed. (This version will try to load 64 bits library and will fail)
Terminate CertEnrollCtrl process and launch the 32 bit version. Retry.
Now the request can continue...(altough it fails, maybe by a CSP error...i have to check)