While trying to deploy the Microsoft Online Services Single Sign-On Tool for a customer migrating to BPOS, I found myself sitting at a customer's computer banging my head against the wall. When I'd launch the tool and sign in as the user, I kept on getting the "Unable to prepare certificate" error.
The MSOL tool is dependent on a number of things:
- .NET Framework 2.0 or later
- Correct time (within 5 minute skew of the MSOL servers)
- Internet Explorer as your default browser
I was OK on the firsts two items, but I had noticed that my customer had installed both Firefox and Chrome. No big deal, right? I launch IE and set it as the default browser and attempt to reconfigure the sign-on tool (to no avail).
I proceed to follow the traditional troubleshooting steps:
- Uninstall/reinstall Online Services Single Sign-On Tool
- Uninstall/reinstall .NET Framework from 4.0 down to 2.0 and back again
- Reset IE to default settings.
Neither of these fixed my problem.
I launched IE and was faced with what I thought was an annoyance--the "Manage Add-Ons" window kept popping up with my default search providers. I'd set it, close IE, restart, and get the dialog box again.
I thought, "Now I'm getting somewhere." I thought maybe there was a piece of malware affecting the customer's system, so I downloaded one of my favorite programs, ran a scan, and didn't find anything.
In the end, I stumbled upon a tip from another hapless soul facing my same problem:
1. Make sure all IE windows are closed. To be sure, you can open a command prompt and run taskkill /im iexplore.exe /f .
2. Open Regedit.
3. Navigate to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders.
4. Right-click, point to New > Expandable String Value.
5. Type AppData and press ENTER.
6. Double-click the new AppData value and enter %userprofile%\Application Data and click OK.
7. Try launching IE again.