Cannot Request Domain Controller Certificate from Domain Controller

Posted on 2006-06-02
Last Modified: 2008-02-20
Hi all,

I am currently having an issue where I cannot request a domain controller certificate from my AD integrated enterprise CA that's running on a Windows 2003 server. I am attempting to request it from another domain controller since its certificate expired. When I attempt to request it I get the following error:

The certificate request failed because of one of the following conditions:
-The certificate request was submitted to a Certification Authority (CA) that is not started.
-You do not have the permissions to request certificates from the available CAs.

All other machines and users are able to request certificates. I am requesting the certificate as a domain admin.

Any help would be greatly appreciated. Thank you!
Question by:sandvine

    Accepted Solution


    Been there done that.

    Here you go. I will make a guess: last time you needed to get a cert for a DC, your CA was running Windows 2003 without SP1, and now the CA is running 2003 SP1.

    Look at the following Technote from MS:

        Description of the changes to DCOM security settings after you install Windows Server 2003 Service Pack 1

    Look at the section that starts "If the certification authority is installed on a domain controller"

    I think I ended up doing Run, then typing dcomcnfg, looking at the DCOM Config Cert Request, and giving the Everyone group local and remote access. I have a child domain (CA in parent); it was trying to get an SSL cert for a child domain DC that caused me to come across this in the past.

    I do not have detailed notes on each step I took and I think I could have done things differently but I was in a bind.

    Good luck, let me know if you have questions. If you can, detail anything you do here for others and share it with me so I could review my config.


    Author Comment

    Thank you for your response Mark. After reading through that article I was able to get a domain controller certificate within minutes. Thanks again.
