Link to home
Start Free TrialLog in
Avatar of dccconsulting
dccconsulting

asked on

How to configure auto enrollment certifcate for OCS 2007

I am following Microsoft's Office Communications Server (OCS) lab setup instructions. I have created a new certificate template for server authetication by duplicating the web server template and configured it for autoenrollment. However, I don't see the template when I use http://contoso.ad/certsrv or in the OCS deployment/configure certificate wizard. I see that a certificate based on this template has been issued in the consol Root/Certificates(local Computer)/Personal/Certificates.  I need help on how to configure an auto enrollment certificate in Office Communication Server 2007.

Environment - Win 2003 Enterprise, Active directory, OCS2007.

Any insight would be greatly appreciated.
Avatar of gaanthony
gaanthony
Flag of United States of America image

After duplicating the Web Server template and calling naming it MTLS in the Certficates Template MMC snap-in you will need to go back to the Certficate Authority MMC and right-click Certificate Templates, select New/Certificate Template and select the template you modified to make available.  It should now be available as a choice in http://CAservername/certsvr.  
Bear in mind that modifying the default templates and support for autoenrollment is only available with a Windows Root CA installed on Windows Server 2003 Server Enteprise Edition.
Avatar of dccconsulting
dccconsulting

ASKER

After duplicating the Web Server template without any modifications, it is available in http://CAservername/certsvr. However, as soon as the new template is set for auto enrollment it does not show up in http://CAservername/certsvr.

Yes I have Windows Root CA installed on Windows Server 2003 Enterprise Edition.
duplicate certificate is configured as follows:

General Tab - Publish certificate in Active Directory
Request Tab - Purpose - signature and encryption
                       Allow private Key to be exported
Subject Tab - Build from this active Directory information
                      Subject Name - Fully distinguished name
                      Alternate Subject name - DNS name
Security Tab - Read, Write, Enroll and Auto enroll permissions to Autheticated user, Domain Admins, Domain Computers, Enterprise Admins
ASKER CERTIFIED SOLUTION
Avatar of gaanthony
gaanthony
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial