Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Smartcard Enrollment

Posted on 2009-03-31
6
Medium Priority
?
1,518 Views
Last Modified: 2012-05-06
I need to use an enrollment station to enroll smartcards for some users.  After going through the steps below I do not have this option when I navigate to the certificate enrollment page.

"Request a certificate for a smart card on behalf of another user using the Smart Card Enrollment"

Here are the steps already taken.

To prepare a smart card certificate enrollment station
On the computer that you will use to set up smart cards, install a smart card reader, following the manufacturer's instructions.

Log on as the user or administrator who will be installing certificates on smart cards.

On the taskbar, click the Start button, click Run, type mmc, and then click OK.

On the File menu, click Add/Remove Snap-in, and then click Add.

In Snap-in, double-click Certificates. If you are logged on as a user, the Certificates snap-in automatically loads.

If you are logged on as an Administrator, click My user account, and then click Finish.

Click Close and then click OK.

Double-click Certificates - Current User.

In the console tree, click Personal.
Where?

Certificates - Current User/Personal

On the Action menu, point to All Tasks, and then click Request New Certificate.

In the Certificate Request Wizard, click the Enrollment Agent certificate template and type a friendly name and a description for the certificate.

When prompted by the Certificate Request Wizard, click Install Certificate.
0
Comment
Question by:Ascentium
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24040567
Here's the guide:
http://support.microsoft.com/kb/257480

Do you have an enrollment agent cert yet for the admin account you're logged in as?
0
 

Author Comment

by:Ascentium
ID: 24040768
Yes...already have the enrollment agent cert installed.  I've already gone through all the steps in that guide.  Still no option to enroll on behalf of another user.
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 1500 total points
ID: 24041140
Try accessing through the certsrv page - it would be 1st option - 3rd option.  Here is a direct link example:
http://CA_HOSTNAME/certsrv/certsces.asp
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:Ascentium
ID: 24042012
I get a page cannot be found when try to navigate to that inserting my CA Hostname.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 1500 total points
ID: 24043155
You can pull up http://CA_HOSTNAME/certsrv  -- correct?  If not, restart web services and make sure the site comes up in IIS.  Also check that ASP is installed and started in IIS.

Check to make sure that page exists - if not, you may have installed the CA before IIS, or there was a glitch... either way try this from a cmd prompt first to reinstall the web pages for certsrv:
certutil -vroot
restart web services

If still no go and IIS/ASP are installed:
use the CA MMC - highlight CAName - rightclick - All tasks - Backup CA, and include the private key and database (not incremental).  Backup your system including system state and verify the backup if you can.  Reinstall certificate services and then use the CA MMC to Restore CA.
0
 

Author Comment

by:Ascentium
ID: 24055164
Opened a PSS ticket for this.  We had to uninstall a hotfix for active x controls (sorry for being vague) that essentially made it so the option to request a cert on behalf of another user did not show up.  Then I had to roll back my IE version to 6 because IE 7 will not allow the active x controls for the enrollment page to run.  You also have to turn off the popup blocker so you get the warning and can accept to run the active x controls.  I think it may have been easier if I just uprgraded my cert server to 2008 so I could use the MMC instead.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question