Re: Certificate Template Creation
- From: "andy webb" <awebb@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 4 Mar 2008 13:51:11 -0600
what I would do is this:
1. tear down the CA you have on the domain controller.
2. on your Enterprise server, install Virtual Server, then build a VM running Enterprise (you are licensed for up to 4!) to be your standalone, offline rootCA
3. copy that VM once all patched and happy and run sysprep on it to create a second VM to be your Enterprise CA. Configure it to integrate with AD and publish CRL's and AIA to AD.
4. create your certificate template on the Enterprise CA
"RAZ" <RAZ@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:87679F36-478C-4C06-A4E6-2D1BC59F4AD8@xxxxxxxxxxxxxxxx
We have a small domain with two Win2K3 servers. My so called PDC is our
Certificate Authority. This server is Standard edition. My other domain
controller is receiving autoenrollment events in the event viewer with the
following message:
"Automatic certificate enrollment for local system failed to enroll for one
Domain Controller certificate (0x80070005). Access is denied."
The second domain controller is Win2K3 Enterprise edition. I tried
installing a new smart card certificate template but learned I can't do that
with the PDC because it is standard edition which won't allow V2 template
creation.
How can I solve this issue? Is it wise to have more then one certificate
authority on a small domain?
.
- References:
- Certificate Template Creation
- From: RAZ
- Certificate Template Creation
- Prev by Date: Local Password Policy Setting - Windows Sever 2003 R2 64
- Next by Date: Re: Local Password Policy Setting - Windows Sever 2003 R2 64
- Previous by thread: Certificate Template Creation
- Next by thread: Local Password Policy Setting - Windows Sever 2003 R2 64
- Index(es):
Relevant Pages
|
