Certificate Services

From: "Lori" <Lori@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 30 Jul 2005 06:36:01 -0700

About 6 weeks ago, our Enterprise CA stopped working. We cannot request or
create certs. And, we did not have a second CA on the domain.

This is the error I rec'd when I try to request a cert. It doesn't matter
whether I request as a user or Enterprise Admin.

Certificate Request Denied

Your certificate request was denied.

Your Request Id is 1117. The disposition message is "Denied by Policy Module
0x80094800, The request was for a certificate template that is not supported
by the Certificate Services policy: User. ".

I noticed this error in the event logs of my DCs: Automatic enrollment
against the certification authority george for a certificate of type
DomainController has failed. (0x80094800) The requested certificate template
is not supported by this CA.
.. Another certification authority will be tried.

I'm not too CA savy. Any ideas?

Thank you,

Lori

P.S. Now we are seeing other problems on the domain that we suspect is
related to the CA.
.

Follow-Ups:
- RE: Certificate Services
  - From: Lori

Prev by Date: Re: Remote Access...
Next by Date: RE: Certificate Services
Previous by thread: Mapped Drives
Next by thread: RE: Certificate Services
Index(es):
- Date
- Thread

Relevant Pages

Re: Enterprise vs Standalone CA
... > and read the necessary document and it looks like Enterprise is the way ... >> The enterprise CAs work closely with the AD. ... >> intervention for decisions of cert issuance, request ... It will issue only a handful of certs ...
(microsoft.public.win2000.security)
Re: Enterprise vs Standalone CA
... > A decision between Stand Alone and Enterprise CAs is not just based on one ... > The enterprise CAs work closely with the AD. ... > issue certs based on domain authentication (and thus usually only to domain ... > intervention for decisions of cert issuance, request ...
(microsoft.public.win2000.security)
Re: Computer and User Certificates Issues
... Enrollment of User Certificates using the custom v2 User Certificate Template ... I can NOT request the custom v2 Computer Cert nor the included v1 no ... Concerning permissions, these are the exact permissions I am using now: ...
(microsoft.public.security)
Re: Cannot request computer certificate.
... request a computer certificate for about 9 months. ... and verify that you can get a computer/server certificate from it. ... List of NetBt transports currently bound to the Redir ... DNS Host Name: srvr3.domain.com ...
(microsoft.public.windows.server.security)
RE: SIMple SSL question ??
... OK - i would also delete a cert request file lying around. ... But a certificate is a pub key + extra info. ... That said - if someone compromises the server he will also find a way to retrieve the private key. ... traffic between the initial web server and the client. ...
(microsoft.public.dotnet.security)