Jonathan_H (United States) asked:
Certificate Services cert install error: The Key archival hash attribute was not found in the response.

Environment:
Windows AD with 2003 R2 DC with a forest level of Windows 2008
2008 Enterprise CA installed in domain running Windows Server 2008 Enterprise.

I am trying to install a user certificate using certreq.exe. These commands work fine:

certreq.exe -new cert.inf cert.req
certreq.exe -submit cert.req cert.cer

Here is where I have a problem, when I try to accept the new certificate.

certreq.exe -accept cert.cer

It gives me this error:

Certificate Request Processor: The key archival hash attribute was not found in the response. 0x80095002 (-2146873342)

Here is a copy of the inf file

[NewRequest]
Subject="E=Joe.Smoe@af-group.com,CN=jsmoe,O=Contoso,C=US"
RequestType=CMC
PrivateKeyArchive=true

[RequestAttributes]
CertificateTemplate = AFAFieldUsers
SAN="upn=Jsoe&email=joe.soe@contoso.com"

The AFAFieldUsers certificate template was created from the Users template and is v3. I am able to recover the pfx file using Key Archival and install it without a problem. It also works if I request the certificate using certmgr.msc.
Paranormastic (United States) answered:
The inf file has PrivateKeyArchive=true set - this looks like an email cert. This is fine if the template is set for encryption only. You cannot archive the private key if you are using digital signature functions - regardless of whether or not it is also being used for encryption. Typically you make two templates - one to archive the encryption key and another template for the signature.


The SAN should work, but you could try /n instead of & too. Since it is in an inf file, & should be okay, but sometimes when scripted & is a parsing character and causes problems, so I like to use /n instead; sometimes that helps in unexpected situations.

Make sure your inf starts with this above [NewRequest]:
[Version]
Signature= "$Windows NT$"
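The three-step certreq.exe sequence from the question, with the [Version] header the answer asks for, as an added example script that is not code from either poster: it writes the INF, runs -new, -submit and -accept in order, stops at the first failing step and hands the HRESULT in the error text to certutil -error so the code (for example 0x80095002) is translated to its message. The CA config string, subject and working directory are constructed placeholders to replace; the template name is the one from the thread.

```powershell
# Added example (not from the thread): run the certreq enrollment sequence end to end
# and decode the first failure. Assumes certreq.exe and certutil.exe are on PATH.
param(
    [string]$Template = 'AFAFieldUsers',                                   # template named in the question
    [string]$Subject  = 'E=jsmoe@contoso.example,CN=jsmoe,O=Contoso,C=US', # constructed placeholder
    [string]$CaConfig = 'ca01.contoso.example\Contoso Issuing CA',         # placeholder: "host\CA name"
    [string]$WorkDir  = (Join-Path $env:TEMP 'certreq-demo')
)

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$inf = Join-Path $WorkDir 'cert.inf'
$req = Join-Path $WorkDir 'cert.req'
$cer = Join-Path $WorkDir 'cert.cer'

# INF with the [Version] header first, then the settings from the question.
# RequestType=CMC plus PrivateKeyArchive=true makes certreq expect the CA to return
# the key-archival hash in the CMC response; if the CA did not archive the key,
# -accept reports 0x80095002.
@"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject="$Subject"
RequestType=CMC
PrivateKeyArchive=true

[RequestAttributes]
CertificateTemplate=$Template
"@ | Set-Content -Path $inf -Encoding ASCII

function Invoke-CertReq {
    # Run certreq with the given arguments, capturing both output and exit code.
    param([string[]]$Arguments)
    $output = & certreq.exe @Arguments 2>&1 | Out-String
    [pscustomobject]@{ ExitCode = $LASTEXITCODE; Output = $output }
}

$steps = @(
    @{ Name = 'new';    Args = @('-new', $inf, $req) },
    @{ Name = 'submit'; Args = @('-submit', '-config', $CaConfig, $req, $cer) },
    @{ Name = 'accept'; Args = @('-accept', $cer) }
)

foreach ($step in $steps) {
    $r = Invoke-CertReq -Arguments $step.Args
    if ($r.ExitCode -eq 0) {
        Write-Host "certreq -$($step.Name): OK"
        continue
    }

    Write-Warning "certreq -$($step.Name) failed (exit code $($r.ExitCode))"
    Write-Warning $r.Output.Trim()

    # certreq prints the HRESULT in hex; let certutil translate it to its message text.
    if ($r.Output -match '0x[0-9A-Fa-f]{8}') {
        $hr = $Matches[0]
        Write-Host "certutil -error $hr :"
        & certutil.exe -error $hr
    }
    break
}
```

Run it from an elevated PowerShell prompt on a domain-joined machine after replacing the placeholders. Keeping the three steps in one loop means a failure at -accept is reported next to the exact request file and response that produced it, which is what you need when comparing a certreq enrollment against the same template enrolled through certmgr.msc.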
Jonathan_H (asker) replied:
I made sure the inf starts with this:

[Version]
Signature= "$Windows NT$"

I can create the request and submit the certificate okay, but when I try certreq.exe -accept {new cer file} I still get the error:


Certificate Request Processor: The key archival hash attribute was not found in the response. 0x80095002 (-2146873342)

ASKER CERTIFIED SOLUTION by Jonathan_H
This solution is only available to members.