The ISmsMessage4::VerifyServerSignature method, in Configuration Manager, verifies the signature of the payload of a reply message.

HRESULT VerifyServerSignature(
	 LPCWSTR  szStoreName



Data type: MPAPI_CERT_STORE_LOCATIONQualifiers: [in]The location of the store. Possible values are defined for MPAPI_CERT_STORE_LOCATION Enumeration.

Data type: LPCWSTRQualifiers: [in]Null-terminated string specifying the store name.

Return Values

An HRESULT code. Possible values include, but are not limited to, the following:


The method succeeded.


This method is applicable to both mixed and native security modes.

The certificate store must contain the public portion of the certificates for all management points that can possibly receive the message.

The method used to get the store name depends on whether you are using mixed mode or native mode security.

Mixed Mode

If you are running in mixed-mode, you use the custom identifier (OID) / Friendly name obtained from the following location in the Configuration Manager store.

  Copy Code
 SMS Signing Certificate

The required enhanced key usage is

For more information, see

Native Mode

If you are running in mixed mode, you can use the certificate on the Internet Information Services (IIS) Web site that the Configuration Manager 2007 management point uses.

To get the certificate, do the following:

Get the certificate store

Look up certificate store by getting the management point Web site from the registry location HKEY_LOCAL_MACHINE\Software\\Microsoft\\SMS\\IIS\ MPCWSPath. Then, get the certificate store using the IMSAdminBase interface. The identifier for the store is 5511.

Get the certificate hash

To get the hash, use the IMSAdminBaseInterface. The identifier for the hash is 5506.

Get the certificate

Use the CertOpenStore ( to open the store, and then use CertEnumCertificatesInStore ( method to look up the certificate context. Finally use CertFindCertificateInStore ( to get the certificate.

If you are using Network Load Balancing (NLB), provide the certificate for each computer in the NLB cluster.


See Also

Send comments about this topic to Microsoft.