Hey Marcos, thank you for your soonest and detailed responds. I made a short research regarding an SHA2 certificates before, fortunately, as been facing some issues with it but related to other software. So, shortly saying, microsoft happily (though it was very strange from them and unexpected LoL) predicted such issues and they created KB 968730 update for SP3 especially, so deploying it, actually lets WinXP to enroll and receive SHA2 certificates.
We can check it later, when you start signing updates with SHA2 only, but, can you please check this issue as well....
Btw, in Exchange Server based on Win Server 2003 R2 SP2 we had the same issue , but solved it using KB968730 update.
And then again, thank you for such a quick and detailed answers.