Microsoft CA IIS problem

Hello, I am having an issue with my in house CA server. I was attempting to allow HTTPS authentication for me CA website under IIS. I went to default website under Directory Security tab. For Authentication and Access Control I changed it from the default anonymous IUSR_CASRV account to integrated windows authentication. When I pressed apply/ok it applied that to all the sub directories, and now when access my site and select request certificate it says that there are no templates found. I went back and removed the integrated windows authentication, but I'm still having the same result. I've restarted my services and still have been unable to access my cert templates via the web interface. Any help would be greatly appreciated.
jmchristyAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
ParanormasticConnect With a Mentor Cryptographic EngineerCommented:
Sorry, yes delete the certsrv listing in IIS.
Sorry, typed that a little weird there - rename files or move to a folder - the .asp files in %systemroot%\system32\certsrv

The certsrv folder also contains files for your CA, so careful not to overdo it.  Probably easiest to make a 'oldASPfiles' folder or something like that and move all the ASP files into there.

Then run commands as above.
0
 
ParanormasticCryptographic EngineerCommented:
try running this from cmd box:
certutil -vroot
0
 
ParanormasticCryptographic EngineerCommented:
otherwise try deleting the site and rename the actual file folders and then run that again...
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
jmchristyAuthor Commented:
Just to clairify, I should delete my sites from the IIS (CertControl, CertEnroll, CertSrv) Default Web Site? Which file folders should I rename? I'm sorry, I don't have a lot of experience with IIS.
0
 
ParanormasticCryptographic EngineerCommented:
Yes - remove all from IIS: CertControl, CertEnroll, CertSrv
0
 
ParanormasticCryptographic EngineerCommented:
Alternatively, you could use the CA MMC to backup CA and backup the private key and database (not incremental) and reinstall certificates services as well with the same results, then go back into CA MMC and choose to restore CA and point to the file you backed up.  Adviseable to do a full backup including system state before reinstalling cert services, just to be safe, in addition to backing up the CA from the MMC.
0
 
jmchristyAuthor Commented:
Removing the IIS sites and running the command worked! I have to copy the ASP files back to their original location because they didn't recreate, but once I did, I was able to see my templates in the webcert request form. Thank you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.