No Certificate Templates Could Be Found

jasonpiper01
jasonpiper01 used Ask the Experts™
on
I have a windows 2000 exchange 2003 CA machine, when i go to the certsrv page to renew an expired certificate i get this "No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory."

I have tired the following page for help, but still getting the same error.
http://support.microsoft.com/kb/811418

I have also read this: http://support.microsoft.com/kb/239452/

Tired the permissions adjustments, any other ideas?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
Please make sure that you have the template for the kind of certificate you want to use.
and also check the microsoft article
Certification Authority configuration to publish certificates in Active Directory of trusted domain
http://support.microsoft.com/kb/281271


ParanormasticCryptographic Engineer
Commented:
1) Is your CA server running on an Enterprise Edition OS?  If so, it was installed as such, not upgraded from Standard Edition, correct?  It must be Enterprise edition OS to see templates.

2) Is your CA installed as an Enterprise CA (root or subordinate)?  You can double check by looking at the file certdat.inc located in %systemroot%\system32\certsrv\ directory.  It should have the following for Enterprise CA:
      sServerType="Enterprise" 'vs StandAlone
If it has this then it is standalone:
      sServerType="StandAlone" 'vs Enterprise
It must be Enterprise CA to see templates.

3) Can you access certtmpl.msc (Certificate Templates.msc) okay?  If so, open a template and check the permissions tab to make sure you have permissions to read and enroll.  Note that some machine certs may not allow you to enroll via certsrv this way - if you aren't sure pick a user template like an email one (not CA Exchange which has nothing to do with exchange)

4) Try running this to reset the certsrv web directory:
certsrv -vroot
net stop certsvc
net start certsvc

5) Make sure you aren't blocking activex.

6) Read this and install the hotfix for certsrv to work correctly with vista/2008:
http://support.microsoft.com/kb/922706

7) Make sure your AD functional level is at least 2000 native mode to support version 1 templates, preferably 2003 or higher to support version 2 templates..

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial