Re: SBS2003Premium Certification Authority from HELL!!!



Hi PG,

From your description, it seems a lot of templates have the permission issue?
Can I assume that all the permissions of these grey templates encountered the
same issue when you try to change the permissions, and that the permissions in
the security section are not correct, as I referred to?

If so, I suggest you make sure that you log on to the SBS server as
Enterprise Admin; it seems to be a permission issue. If possible, please
make sure that you log on via the built-in Enterprise Admin to see if the
problem can be cleared.

Thanks for your effort.



Best regards,

Charles Yang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
| From: "PG" <*@*.*>
| Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| Date: Fri, 23 Sep 2005 11:39:53 +0100
|
| Hi Charles,
|
| I went to DCOMCNFG and on the Launch permission it was empty, and I added
| Everyone with (Launch permission---Allow)
| and in the Access permission it is everyone (Access permission---Allow), so
| I didn't have to change it.
| Could not find anything that referred to (Local Activation Remote Activation)
| or (Local Access Remote Access) as you said. Only (Launch Permission) and
| (Access Permission).
|
| After applying the changes to DCOM I tried to request a certificate, and the
| same error occurred. Duplicated a Template and still the same error. :(
| "No certificate templates could be found. You do not have permission to
| request a certificate from this CA,or an error occurred while accessing the
| Active Directory."
|
| In response to your question, all the certificate templates, from the
| pictures I sent you, that are greyed out have permission issues, and don't
| let me add or change permissions for those certificates.
|
| :(
|
| ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:Hlv7FVCwFHA.580@xxxxxxxxxxxxxxxxxxxxxxxx
| > Hi PG,
| >
| > Thanks for updates.
| >
| > After doing some research, I found solutions for you; please refer to the
| > steps below:
| >
| > 1- Open DCOMCNFG
| > 2- Select Component Services
| > ---Computers
| > ----My Computer
| > ------Dcom Config
| > ---- CertSrv Request
| > 3- Open properties and verify Security permission for Launch and Activation
| > Permissions (Should be Customize --Everyone ---Local Activation Remote
| > Activation)
| >
| > Access Permissions (Should be Customize -Everyone ---Local Access Remote
| > Access)
| >
| > If the issue still exists, please recreate a certificate template to see if
| > the issue can be resolved. You can try to request a certificate via a new
| > template. From your screenshot we found only one of the templates where you
| > encountered the permission issue; can we assume it is the certificate
| > template you use for the certificate?
| >
| > Thanks for understanding on this issue, please feel free to post back.
| >
| >
| >
| > Best regards,
| >
| > Charles Yang (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > --------------------
| > | From: v-chayan@xxxxxxxxxxxxxxxxxxxx ("Charles Yang [MSFT]")
| > | Organization: Microsoft
| > | Date: Fri, 23 Sep 2005 08:54:33 GMT
| > | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| > |
| > | Hi PG,
| > |
| > | Currently, I am performing research on this issue. I will return to you as
| > | soon as possible; please understand that there might be some delay due to
| > | the weekend.
| > |
| > | Thanks for your understanding.
| > |
| > |
| > | Best regards,
| > |
| > | Charles Yang (MSFT)
| > |
| > | Microsoft CSS Online Newsgroup Support
| > |
| > | Get Secure! - www.microsoft.com/security
| > |
| > | --------------------
| > | | From: "PG" <*@*.*>
| > | | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| > | | Date: Thu, 22 Sep 2005 11:32:11 +0100
| > | |
| > | | Hi Charles,
| > | |
| > | | 1. I sent all the logs you requested to your e-mail.
| > | |
| > | | 2. Done that also.
| > | |
| > | | 3. No changes done...that I can remember
| > | |
| > | | Thanks
| > | |
| > | | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | | news:AtVfNj1vFHA.780@xxxxxxxxxxxxxxxxxxxxxxxx
| > | | > Hi PG,
| > | | >
| > | | > After checking your screenshot, we decided to collect more information, as
| > | | > this issue should relate to AD settings:
| > | | >
| > | | > 1. Please send me all the event logs except the application and system
| > | | > event logs that you have already sent to me.
| > | | > 2. Please also run netdiag -v and dcdiag -v on the SBS server and send the
| > | | > results to me also.
| > | | > 3. If possible, could you tell us if you have changed any setting on AD or on
| > | | > the SBS server, as the screenshot points out that you have some problem in
| > | | > querying user objects on the DC.
| > | | >
| > | | > I appreciate your effort on this issue.
| > | | >
| > | | >
| > | | >
| > | | > Best regards,
| > | | >
| > | | > Charles Yang (MSFT)
| > | | >
| > | | > Microsoft CSS Online Newsgroup Support
| > | | >
| > | | > Get Secure! - www.microsoft.com/security
| > | | >
| > | | > --------------------
| > | | > | From: "PG" <*@*.*>
| > | | > | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| > | | > | Date: Thu, 22 Sep 2005 09:31:33 +0100
| > | | > |
| > | | > | Hi Charles,
| > | | > |
| > | | > | I started to go through the points you referred to below, and on the
| > | | > | second point (Permissions settings) everything checked out OK except for
| > | | > | the certificate templates permissions again. I'm unable to change
| > | | > | permissions on some certificates, but others are OK! I'm sending you some
| > | | > | compressed pictures to your e-mail so you can try and see if this is
| > | | > | normal, or not.
| > | | > | I didn't want to continue following your suggestions (to reinstall the
| > | | > | CA) before you had a look at the pictures I sent you.
| > | | > |
| > | | > | Thanks
| > | | > | PG
| > | | > |
| > | | > | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | | > | news:MQvDERxvFHA.580@xxxxxxxxxxxxxxxxxxxxxxxx
| > | | > | > Hi,
| > | | > | >
| > | | > | > Thanks for updates.
| > | | > | >
| > | | > | > After carefully checking your log, we did not find any related
| > | | > | > information; please note that it might take some time to do the task.
| > | | > | >
| > | | > | > For this issue, I have some suggestions below:
| > | | > | >
| > | | > | > Can I assume that you want to set up the SBS 2003 premium as a CA server,
| > | | > | > so that when users log on to the website, they require the certificate?
| > | | > | > For which purpose do you want to use this certificate, for VPN or for a
| > | | > | > website? From your log, it seems to be used for IPSec VPN.
| > | | > | >
| > | | > | > 1. Please change the website you use for web enrollment's authentication
| > | | > | > method from anonymous to Windows Authentication.
| > | | > | > 2. Please refer to the KB article below to check the permission settings
| > | | > | > for the CA; make sure that you have gone through the article to double
| > | | > | > check it:
| > | | > | >
| > | | > | > Q239706 Default Permission Settings for Enterprise Certificate Authority
| > | | > | > http://support.microsoft.com/default.aspx?scid=kb;EN-US
| > | | > | >
| > | | > | > 3. If the issue still exists, please follow the steps to reinstall the CA
| > | | > | > server:
| > | | > | >
| > | | > | > A. Opened regedit and went to HKLM\system\CCS\services and deleted the
| > | | > | > certsrv key
| > | | > | > B. Opened the file system and deleted c:\winnt\system32\certserv folder
| > | | > | > and contents
| > | | > | > C. Opened up AD sites and services and deleted and in services\public key
| > | | > | > services
| > | | > | >
| > | | > | > Please delete all the contents of the containers leaving the empty
| > | | > | > containers with the exception of the templates container. Note, please
| > | | > | > perform a backup for registry.
| > | | > | >
| > | | > | > If the issue still exists, you have to refer to the KB article below to
| > | | > | > change the log level of certificate then reproduce the issue check the
| > | | > | > event log again.
| > | | > | >
| > | | > | > 305018 How to Change the Event Logging Level for Certificate Services
| > | | > | > http://support.microsoft.com/?id=305018
| > | | > | >
| > | | > | > Thanks for your efforts. I will be here waiting for updates.
| > | | > | >
| > | | > | >
| > | | > | >
| > | | > | > Best regards,
| > | | > | >
| > | | > | > Charles Yang (MSFT)
| > | | > | >
| > | | > | > Microsoft CSS Online Newsgroup Support
| > | | > | >
| > | | > | > Get Secure! - www.microsoft.com/security
| > | | > | >
| > | | > | > --------------------
| > | | > | > | From: "PG" <*@*.*>
| > | | > | > | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| > | | > | > | Date: Wed, 21 Sep 2005 11:33:30 +0100
| > | | > | > |
| > | | > | > | I've sent you the logs as you requested Charles...
| > | | > | > |
| > | | > | > | Thanks for the help
| > | | > | > |
| > | | > | > | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | | > | > | news:biaXSFkvFHA.3020@xxxxxxxxxxxxxxxxxxxxxxxx
| > | | > | > | > Hi PG,
| > | | > | > | >
| > | | > | > | > Thanks for updates.
| > | | > | > | >
| > | | > | > | > In order to make the issue more clear, could you send me the application
| > | | > | > | > log and system event log so that we can isolate the issue more clearly?
| > | | > | > | > You can compress the log files and send them to my mailbox.
| > | | > | > | >
| > | | > | > | > v-chayan@xxxxxxxxxxxxx
| > | | > | > | >
| > | | > | > | > Thanks for your understanding.
| > | | > | > | >
| > | | > | > | >
| > | | > | > | >
| > | | > | > | > Best regards,
| > | | > | > | >
| > | | > | > | > Charles Yang (MSFT)
| > | | > | > | >
| > | | > | > | > Microsoft CSS Online Newsgroup Support
| > | | > | > | >
| > | | > | > | > Get Secure! - www.microsoft.com/security
| > | | > | > | >
| > | | > | > | > --------------------
| > | | > | > | > | From: "PG" <*@*.*>
| > | | > | > | > | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| > | | > | > | > | Date: Tue, 20 Sep 2005 13:28:25 +0100
| > | | > | > | > |
| > | | > | > | > | Thanks for your reply Charles
| > | | > | > | > |
| > | | > | > | > | Responses to your questions follow, and are in line:
| > | | > | > | > |
| > | | > | > | > |
| > | | > | > | > | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | | > | > | > | news:tiIB9hYvFHA.768@xxxxxxxxxxxxxxxxxxxxxxxx
| > | | > | > | > | > Hi PG,
| > | | > | > | > | >
| > | | > | > | > | > Welcome to SBS newsgroup.
| > | | > | > | > | >
| > | | > | > | > | > Issue description:
| > | | > | > | > | > ================
| > | | > | > | > | >
| > | | > | > | > | > I understand that you encountered some problem when using CA on SBS
| > | | > | > | > | > 2003 premium.
| > | | > | > | > | >
| > | | > | > | > | > Analyzing and suggestions:
| > | | > | > | > | > ================
| > | | > | > | > | >
| > | | > | > | > | > Generally speaking, the error you encountered can be caused by many
| > | | > | > | > | > factors. In order to make the issue more clear, please refer to my
| > | | > | > | > | > suggestions below to gather more information:
| > | | > | > | > | >
| > | | > | > | > | > 1. If possible, please send me the event log for further research; it
| > | | > | > | > | > should include more information which can help us determine which
| > | | > | > | > | > kinds of error you encountered. You can send the log files to my
| > | | > | > | > | > email box.
| > | | > | > | > | > v-chayan@xxxxxxxxxxxxxx
| > | | > | > | > |
| > | | > | > | > | There is nothing recorded in the logs, when the errors occur.
| > | | > | > | > |
| > | | > | > | > | > 2. Does the issue occur from the client's computer or from the server
| > | | > | > | > | > side?
| > | | > | > | > |
| > | | > | > | > | Both! It occurs when I request a certificate from the client and from
| > | | > | > | > | the server! :( Via Web request or MMC snap-in
| > | | > | > | > |
| > | | > | > | > |
| > | | > | > | > | >
| > | | > | > | > | >
| > | | > | > | > | > Let's first check the following:
| > | | > | > | > | >
| > | | > | > | > | > 1. Go to the CA Server, go to Services.msc console, make sure that
| > | | > | > | > | > the Certificate Service is started.
| > | | > | > | > |
| > | | > | > | > | Check
| > | | > | > | > |
| > | | > | > | > | > 2. Open Certificate Authority, make sure that it can be opened.
| > | | > | > | > |
| > | | > | > | > | Check
| > | | > | > | > |
| > | | > | > | > | > 3. If you are using Enterprise CA, go to the Certificate Template in
| > | | > | > | > | > the Certificate Authority, make sure that necessary Certificate
| > | | > | > | > | > Template is added and listed in the right panel.
| > | | > | > | > |
| > | | > | > | > | Check
| > | | > | > | > |
| > | | > | > | > | > 4. On the CA Server, click Start -> Run, type MMC and click OK. Click
| > | | > | > | > | > File -> Add/Remove Snap-in, click Add button, select Certificate,
| > | | > | > | > | > click Add, select Computer Account and click next. Select Local
| > | | > | > | > | > Computer, click Finish and then Close.
| > | | > | > | > |
| > | | > | > | > | Check
| > | | > | > | > |
| > | | > | > | > | > 5. Expand the Certificate (Local
| > | | > Computer)\Personal\Certificate,
| > | | > | > check
| > | | > | > | > if
| > | | > | > | > | > the Root certificate exists. It's 'issued by' and
| > 'issued
| > | to'
| > | | > | > should
| > | | > | > | > be
| > | | > | > | > | > itself. Then please check if the root certificate is
| > still
| > | | > alive.
| > | | > | > If
| > | | > | > | > it
| > | | > | > | > is
| > | | > | > | > | > expired, right click the Certificate, select All
| > Tasks ->
| > | | > Renew
| > | | > | > | > | > Certificate
| > | | > | > | > | > with Same Key. Then renew the user certificate and
let
| > me
| > | know
| > | | > how
| > | | > | > | > | > everything is going.
| > | | > | > | > | > NOTE: Please check the Certificate Authority to make
| > sure
| > | that
| > | | > | > these
| > | | > | > | > | > client
| > | | > | > | > | > certificate are not revoked before you renew the
| > | certificate.
| > | | > | > | > | >
| > | | > | > | > | > If the issue still exists, please check if the CA computer where
| > | | > | > | > | > you start the Certificate Web Enrollment from is set to trust for
| > | | > | > | > | > delegation. To do so:
| > | | > | > | > | > 1. Log on as a domain administrator or equivalent account.
| > | | > | > | > | > 2. Click Start, point to Programs, point to Administrative Tools,
| > | | > | > | > | > and then click "Active Directory Users and Computers".
| > | | > | > | > | > 3. In the left pane, locate the container or organizational unit
| > | | > | > | > | > (OU) on which you want to enable delegation.
| > | | > | > | > | > 4. Right-click the computer account name, and then click
| > | | > | > | > | > Properties.
| > | | > | > | > | > 5. On the General tab, click Trust computer for delegation.
| > | | > | > | > | > 6. Click OK.
| > | | > | > | > | > 7. Quit Active Directory Users and Computers.
| > | | > | > | > | >
| > | | > | > | > | > For more info, please refer to:
| > | | > | > | > | > 300867 Error Message: The Certification Authority Service Has Not
| > | | > | > | > | > Been Started
| > | | > | > | > | > http://support.microsoft.com/?id=300867
| > | | > | > | > |
| > | | > | > | > | The certificate is alive until 16/9/2010! So I didn't renew it.
| > | | > | > | > |
| > | | > | > | > |
| > | | > | > | > | >
| > | | > | > | > | >
| > | | > | > | > | > This issue may also occur if the Domain Users group on the child
| > | | > | > | > | > domain does not have the right to enroll a user template. To have
| > | | > | > | > | > a check:
| > | | > | > | > | >
| > | | > | > | > | > 1. Logon to CA Server as Enterprise Administrator
| > | | > | > | > |
| > | | > | > | > | check
| > | | > | > | > |
| > | | > | > | > | > 2. Click Start, click Programs, click Administrative Tools, and
| > | | > | > | > | > then click the "Active Directory Sites and Services" snap-in.
| > | | > | > | > |
| > | | > | > | > | check
| > | | > | > | > |
| > | | > | > | > | > 3. In MMC, right-click the "Active Directory Sites and Services"
| > | | > | > | > | > snap-in, click View, and then click "Show Services Mode". This
| > | | > | > | > | > allows you to view the Services folder, which is hidden from view
| > | | > | > | > | > by default.
| > | | > | > | > |
| > | | > | > | > | Check
| > | | > | > | > |
| > | | > | > | > | > 4. From the "Active Directory Sites and Services" snap-in, click
| > | | > | > | > | > Services, click Public Key Services, and then click Certificate
| > | | > | > | > | > Templates. This reveals the complete list of published certificate
| > | | > | > | > | > templates in Active Directory.
| > | | > | > | > |
| > | | > | > | > | Check
| > | | > | > | > |
| > | | > | > | > | > 5. Double-click the User certificate template to view the
| > | | > | > | > | > properties.
| > | | > | > | > |
| > | | > | > | > | Check
| > | | > | > | > |
| > | | > | > | > | > 6. On the Security tab, click Add to add the Domain Users group to
| > | | > | > | > | > the list.
| > | | > | > | > |
| > | | > | > | > | The group domain users wasn't there so I added it
| > | | > | > | > |
| > | | > | > | > | > 7. For the Domain Users group, select the Read and Enroll rights.
| > | | > | > | > |
| > | | > | > | > | When I tried to apply the changes it gave the following error:
| > | | > | > | > |
| > | | > | > | > | "Unable to save permission changes on
| > | | > | > | > | LDAP://SBS2003PDC.CONTIMETRA.LOCAL/CN=USER,CN=CERTIFICATE TEMPLATES,CN=PUBLIC KEY SERVICES,CN=SERVICES,CN=CONFIGURATION,DC=CONTIMETRA,DC=LOCAL
| > | | > | > | > |
| > | | > | > | > | ACCESS IS DENIED"
| > | | > | > | > |
| > | | > | > | > |
| > | | > | > | > | > 8. Restart the computer.
| > | | > | > | > |
| > | | > | > | > | Didn't do it because no changes were made!
| > | | > | > | > |
| > | | > | > | > | >
| > | | > | > | > | > For more info, please refer to:
| > | | > | > | > | > 271861 Windows Cannot Find a Certificate Authority That Processes
| > | | > | > | > | > the Request
| > | | > | > | > | > http://support.microsoft.com/?id=271861
| > | | > | > | > | >
| > | | > | > | > | > NOTE: Request from MMC only works if it is an Enterprise CA. To
| > | | > | > | > | > stand alone CA, you must request certificate by WEB.
| > | | > | > | > | >
| > | | > | > | > | > I appreciate your understanding and please paste your results at
| > | | > | > | > | > your convenience. It is important for us to isolate the issue. I
| > | | > | > | > | > am glad to help you.
| > | | > | > | > | >
| > | | > | > | > | >
| > | | > | > | > | >
| > | | > | > | > | > Best regards,
| > | | > | > | > | >
| > | | > | > | > | > Charles Yang (MSFT)
| > | | > | > | > | >
| > | | > | > | > | > Microsoft CSS Online Newsgroup Support
| > | | > | > | > | >
| > | | > | > | > | > Get Secure! - www.microsoft.com/security
| > | | > | > | > | >
| > | | > | > | > | > --------------------
| > | | > | > | > | > | From: "PG" <*@*.*>
| > | | > | > | > | > | Subject: SBS2003Premium Certification Authority from HELL!!!
| > | | > | > | > | > | Date: Fri, 16 Sep 2005 11:35:46 +0100
| > | | > | > | > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | | > | > | > | > |
| > | | > | > | > | > | Hi everybody,
| > | | > | > | > | > |
| > | | > | > | > | > | When I try to request a certificate from my Enterprise CA
| > | | > | > | > | > | installed on SBS2003Premium it gives the following error: "No
| > | | > | > | > | > | certificate templates could be found. You do not have permission
| > | | > | > | > | > | to request a certificate from this CA, or an error occurred while
| > | | > | > | > | > | accessing the Active Directory." I went and searched for a
| > | | > | > | > | > | solution and found this Microsoft article
| > | | > | > | > | > | http://support.microsoft.com/default.aspx?scid=kb;en-us;811418
| > | | > | > | > | > | that didn't help because the name of the server is the same in the
| > | | > | > | > | > | certdat.inc and in the AD!!! :(
| > | | > | > | > | > |
| > | | > | > | > | > | When I go to the certification authority and click on "manage" on
| > | | > | > | > | > | the certificate templates, Windows says that it detected that new
| > | | > | > | > | > | certificate templates should be installed, and asks if I want to
| > | | > | > | > | > | install them now, and I say "Yes", and it gives an error saying
| > | | > | > | > | > | "Windows could not install the new certificate templates. Access
| > | | > | > | > | > | is denied" :( I am doing this as enterprise admin and it says
| > | | > | > | > | > | access denied!!!!! :( :(
| > | | > | > | > | > |
| > | | > | > | > | > | I've tried to reinstall the CA and the errors are still the same!
| > | | > | > | > | > |
| > | | > | > | > | > | Can anyone help me with this issue, please?
| > | | > | > | > | > |
| > | | > | > | > | > | Thanks in advance for any help you can give me....
| > | | > | > | > | > |
| > | | > | > | > | > |
| > | | > | > | > | > |

.
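
The permission check that the quoted steps perform through the Security tab of the User template, written as a read-only script. This is an added example and not part of the original thread; it assumes Windows PowerShell on a domain-joined machine (the thread itself uses only the MMC snap-ins), the function names are hypothetical, and the DN is the one shown in the quoted error message.

```powershell
# Added example (not from the thread): read-only audit of the security
# descriptor on a certificate template object. The DN is the one named in
# the "ACCESS IS DENIED" message quoted above.
$TemplateDn = 'CN=User,CN=Certificate Templates,CN=Public Key Services,' +
              'CN=Services,CN=Configuration,DC=CONTIMETRA,DC=LOCAL'

# Control-access-right GUIDs behind the "Enroll" and "Autoenroll" boxes.
$Enroll     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
$AutoEnroll = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'
$AllRights  = [guid]::Empty   # an ACE with no object type covers every extended right

$AdRights  = [System.DirectoryServices.ActiveDirectoryRights]
$SidType   = [System.Security.Principal.SecurityIdentifier]
$NtAccount = [System.Security.Principal.NTAccount]

function Resolve-Name($Sid) {
    # Orphaned SIDs cannot be translated; report the raw SID instead.
    try { $Sid.Translate($NtAccount).Value } catch { $Sid.Value }
}

function Test-Right($Ace, $Right) {
    # True when every bit of $Right is present in the ACE's access mask.
    ([int]$Ace.ActiveDirectoryRights -band [int]$Right) -eq [int]$Right
}

function Test-ExtendedRight($Ace, [guid]$RightGuid) {
    (Test-Right $Ace ($AdRights::ExtendedRight)) -and
        ($Ace.ObjectType -eq $RightGuid -or $Ace.ObjectType -eq $AllRights)
}

$entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$TemplateDn")
$sd    = $entry.ObjectSecurity          # owner, group and DACL; nothing is written

$ownerSid = $sd.GetOwner($SidType)
'Owner: ' + (Resolve-Name $ownerSid)

$sd.GetAccessRules($true, $true, $SidType) | ForEach-Object {
    [pscustomobject]@{
        Identity   = Resolve-Name $_.IdentityReference
        Type       = $_.AccessControlType          # Allow or Deny
        Inherited  = $_.IsInherited
        Read       = Test-Right $_ ($AdRights::GenericRead)
        Enroll     = Test-ExtendedRight $_ $Enroll
        AutoEnroll = Test-ExtendedRight $_ $AutoEnroll
        WriteDacl  = Test-Right $_ ($AdRights::WriteDacl)
    }
} | Sort-Object Identity | Format-Table -AutoSize
```

The Owner line and the WriteDacl column show which principals are able to change the template's permissions at all, which is the operation that failed in the quoted post; the Read and Enroll columns show whether Domain Users already holds the rights that step 7 asks for.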