diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 9365a222b8..1c113c16ad 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -754,10 +754,13 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
         if (CRYPT_IsSimpleChainCyclic(chain))
         {
             /* If the chain is cyclic, then the path length constraints
-             * are violated, because the chain is infinitely long.
+             * are violated, because the chain is infinitely long.  MS
+             * misleadingly also sets the not supported name constraint bit,
+             * whether or not name constraints were present.
              */
             pathLengthConstraintViolated = TRUE;
             chain->TrustStatus.dwErrorStatus |=
+             CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
              CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
         }
         /* FIXME: check valid usages */
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 5752eff45d..772da0f9f6 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -1530,7 +1530,7 @@ static ChainCheck chainCheck[] = {
      { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
        CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
      1, simpleStatus9 },
-   TODO_ERROR | TODO_INFO },
+   TODO_INFO },
  { { sizeof(chain10) / sizeof(chain10[0]), chain10 },
    { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
      { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 }, 0 },