<Issue #1>
Problem description
Get certificate error while navigating to https sites.

Possible root cause for such issue could be:
1) The certificate does not match the name of the site
2) You have not trusted the certification authority at the root
3) Certificate is invalid due to incorrect time setting

Root cause for this certain issue is the 3rd one.

The resolution for this certain issue is to correct system time.

Generally, before finding root cause, you have to do following:
To relief the pain, you can use a workaround to resolve this issue first,
which is to ignore certificate errors.
1) Start -> type “gpedit.msc” in Start Search box
2) In Group Policy MMC, navigate to Local Computer Policy -> Computer
Configuration -> Administrative Templates -> Windows Components -> Internet
Explorer -> Internet Control Panel
3) Disable “Prevent ignoring certificate errors”
4) Open a command prompt, type “gpupdate /force”

To narrow down the issue:
1. Examine the certificate for name and valid time
2. Check if the root certificate is in Trusted Root Certification

To resolve it:
1.Make sure system time is correct

2.Install good root certificate to “Trusted Root Certificate Authority” of
1) Copy the file entrust.cer to your system
2) Run “MMC”, click  “Add/Remove Snap in” from file menu, please choose
“Certificate” -> “Computer Account” -> ” Local Computer” then finish.
3) Expand Certificate(local computer), right click “Trusted Root Certificate
Authority” -> “All Tasks” -> “Import”.
4) Follow the wizard to import this save root certificate file.

3. If still not work, please copy certutil.exe and certadm.dll to
c:\windows\system32 and run(valid for XP):
1) Open a command prompt
2) certutil -verify -urlfetch entrust.cer

<Issue #2>
Problem description
Windows Update is required repeatedly every system shutdown and every update
progress takes long time.

Some KB has not been successfully installed after being downloaded by
Automatic Update service.

1. Check Windows Update history for failure

2. Clean Softwaredistribution folder

3. Download the KB which failed to be installed from Microsoft and manually
install it

Install the update in Safe Mode

Useful articles:
How to troubleshoot Windows Update or Microsoft Update when you are
repeatedly offered an update

Microsoft Update Solution Center
Microsoft Windows Update (All Languages)

<Issue #3>
Problem description
You want to enable computer B(in workgroup) to access share on computer A(in
domain with a shutdown DC).

You cannot access share by directly clicking share folder, because in this
way, you cannot provide user credential.

Usually, if you want to access share on computer A, you have to have either
local user credential of A or domain user credential if A is in a domain
with good DC. Therefore, in this case, DC of the domain which computer A in
is down, you have to use local user credential of A, otherwise no DC to
validate the trust relationship.

You can access A by UNC name:
1) On computer B, Start -> Run -> type UNC name of the share folder, like
2) And then there will be a prompt for you to input user credential
3) Then input local user credential of A

If you want to move computer A out of domain, you need to do following:
1) Log off current domain user

2) Switch to use local administrator to logon A locally, e.g. at the logon
dialog box
User name: computerA\administrator
Password: password of local administrator

3) Once you logon locally,
a) Computer -> Properties -> Computer Name -> Change -> Check radio button
of Workgroup and input workgroup name and click OK
b) You will be prompted to input user credential
c) Just go ahead to do so with local administrator credential
d) Computer A will be moved from domain to workgroup

<Issue #4>
Problem description
Migrate domain user to local in Vista, however Moveuser tool cannot run in

Moveuser is not compatible with Vista

Moveuser.exe can be used after Win32_UserProfile WMI Provider has been
installed in Vista
1) I install the KB 930955 on a Vista machine
2) Copy moveuser.exe and profmap.dll from a 2003 server to the Vista machine
3) Then run moveuser.exe under a command prompt which is launched with “Run
as Administrator”

Another method is using USMT:
My shared path to store temp user profile is: \\ewin2k3entsp2\usmt
My domain/user is abba/cindy1
My local user is cindy4

1) Logon Vista computer with domain Administrator account, download and
install USMT3.0.1
2) Open command prompt with “Run as administrator”, change directory to
c:\program files\usmt301
3) Run scanstate \\ewin2k3entsp2\usmt /ue:*\* /ui:abba/cindy1 /i:miguser.xml
/i:migapp.xml /o

/ue:*\* is to exclude all users
/ui:abba/cindy1 is to ensure only abba/cindy1 will be migrated
/o: Overwrites any existing data in the store. If not specified, ScanState
will fail if the store already contains data. You cannot specify this option
more than once on a command line.

4) Run loadstate /i:miguser.xml /i:migapp.xml \\ewin2k3entsp2\usmt

/mu:abba/cindy1:cindy4 is to specify a new local user name for the old
domain user.

5) If it doesn’t work for you, please use a simpler way as below:
Copy the USMT3.MIG file from shared store to this Vista machine;
Then double click it, Windows Easy Transfer will launch;
Create a new local user for migration when it asks you to do so;
Then it will help you to migrate domain account information to this new
local user account.

6) Please add the local user in local Administrators group, also don’t
forget to create password for it due to the password cannot be migrated.

7) Then disjoin this computer from domain and logon locally with the new
local user account.

Windows Internet Explorer 8 Beta 2 for Windows XP

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

Vista Security Benefits

TechNet Events: Windows Vista, Windows Power Shell and Group Policy


Comments are closed.