|
Posted by =?Utf-8?B?Qm9i?= on October 17, 2006, 9:53 am
If you were Registered and logged in, you could reply and use other advanced thread options
I have setup an Ent. Root CA and have a cert I want to pull down through the
Web, but when I load the page http://CAServerName/certserv, I get the
following error.
No certificate templates could be found. You do not have permission to
request a certificate from this CA, or an error occurred while accessing the
Active Directory.
I have found a fix on MS Support that tells me to change the dNSHostName
attribute on the pkiEnrollmentService object in the following location.
CN=CertificateServer,CN=Enrollment Services,CN=Public Key
Services,CN=Services,CN=Configuration,DC=MyDomain,DC=com
But after searching the entire tree there is nothing that resembles what
they say.
Does anyone have a fix.
|
|
Posted by =?Utf-8?B?VHJpY2tlclRyZWF0?= on January 11, 2007, 3:54 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Bob,
I was having this same problem. Like many I tried the fix that you are
asking about. (Yes it was a little confusing at first on how to find this
path, but it is there). Like many others, this fix did not work for me. I'll
give you two suggestions. One is how to find the pkiEnrollmentService you
asked about, and the second is how I actually fixed it:
1) Open the ADSIEdit.msc tool on the Cert Server. Essentially you have to
follow the path they give you in reverse. So start at the top level
"domain.com", then choose CONFIGURATION-->SERVICES--PUBLIC KEY
SERVICES--ENROLLMENT SERVICES. Then double click the object in the right pane
that should be your cert server name. Find the "dNSHostName" entry. Copy it.
Compare to the entry in the file they mention. Good luck.
2) Double check to make sure that the security on the cert server web pages
is not set for "anonymous access". Once I disabled this and enabled
"integrated windows authentication" it prompted me to logon. I used the admin
account and the templates were there. If you want to continue using the
anonymous account (probably not recommended) then you may have to give the
IUSR_ account rights to the certificate enrollment web site. You may want to
stop/start the web site and Cert server services before trying again.
Good Luck
|
| Similar Threads | Posted | | Changing Cert template in Win2k3 Enterprise PKI CA | September 16, 2005, 11:00 am |
| Root CA cert expires, I renewed but I'm unable to request new cert | March 7, 2006, 3:16 pm |
| Commercial cert vs. Microsoft Certificate Services generated cert | June 21, 2007, 4:23 am |
| Computer cert/User cert 802.x Authentication query | August 7, 2007, 5:20 am |
| Upgrading to Windows 2003 Enterprise Edition Enterprise CA | October 18, 2005, 4:59 am |
| "include in CDP" extention error - Reproducible error: | March 4, 2008, 9:42 pm |
| how do i export a cert from my ca? | February 16, 2006, 10:27 pm |
| Cert Server and RMS | August 23, 2006, 1:35 pm |
| Enterprise PKI. | May 5, 2006, 1:50 pm |
| Enterprise CA | May 31, 2006, 11:29 am |
|
XML site map