Solved

How to configure auto enrollment certifcate for OCS 2007

Posted on 2008-06-18
4
1,509 Views
Last Modified: 2013-12-04
I am following Microsoft's Office Communications Server (OCS) lab setup instructions. I have created a new certificate template for server authetication by duplicating the web server template and configured it for autoenrollment. However, I don't see the template when I use http://contoso.ad/certsrv or in the OCS deployment/configure certificate wizard. I see that a certificate based on this template has been issued in the consol Root/Certificates(local Computer)/Personal/Certificates.  I need help on how to configure an auto enrollment certificate in Office Communication Server 2007.

Environment - Win 2003 Enterprise, Active directory, OCS2007.

Any insight would be greatly appreciated.
0
Comment
Question by:dccconsulting
  • 2
  • 2
4 Comments
 
LVL 12

Expert Comment

by:gaanthony
ID: 21817458
After duplicating the Web Server template and calling naming it MTLS in the Certficates Template MMC snap-in you will need to go back to the Certficate Authority MMC and right-click Certificate Templates, select New/Certificate Template and select the template you modified to make available.  It should now be available as a choice in http://CAservername/certsvr.  
Bear in mind that modifying the default templates and support for autoenrollment is only available with a Windows Root CA installed on Windows Server 2003 Server Enteprise Edition.
0
 

Author Comment

by:dccconsulting
ID: 21817561
After duplicating the Web Server template without any modifications, it is available in http://CAservername/certsvr. However, as soon as the new template is set for auto enrollment it does not show up in http://CAservername/certsvr.

Yes I have Windows Root CA installed on Windows Server 2003 Enterprise Edition.
0
 

Author Comment

by:dccconsulting
ID: 21818375
duplicate certificate is configured as follows:

General Tab - Publish certificate in Active Directory
Request Tab - Purpose - signature and encryption
                       Allow private Key to be exported
Subject Tab - Build from this active Directory information
                      Subject Name - Fully distinguished name
                      Alternate Subject name - DNS name
Security Tab - Read, Write, Enroll and Auto enroll permissions to Autheticated user, Domain Admins, Domain Computers, Enterprise Admins
0
 
LVL 12

Accepted Solution

by:
gaanthony earned 500 total points
ID: 21826670
I should have caught what you were asking the first time.  Change auto enrollment to Not Allowed and the certificate you duplicated should be available.
 That feature is basically for certificates for workstation authentication and domain controller authentication.
Autoenrollment automatically downloads and manages trusted root certificates, cross-certificates, and NTAuth certificates from Active Directory into the local machine registry for domain-joined machines. All users who log on to the machine inherit the trust and downloaded certificates that are downloaded and managed by autoenrollment.

0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sharepoint 2010 Audit Logs 11 123
need help with active directory 4 57
DHCP scope restore question Server 2003 to 2012R2 6 80
How often Should you reconcile DHCP manually? 1 26
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question