Access denied requesting certificate 2008 r2

Hi,
My ulimate goal is to get my Cisco Aironet 1040's authenticating against my 2008 r2 (NPS) Radius server.
My domain level is 2003 native, and have 2 2008 r2 DC's
i installed NPS without a cert, have subsequently seen all the posts saying you need a certificate on the NPS have attemted installed a certificate.
So on the same 2008 r2 standard (sp1) server (which is also my PDC), i installed a Enterprise certificate authourity.
I cannot install locally a computer certificate for this domain controller.
On this post there was the comment, to install a domain controller cert.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26531372.html?sfQueryTermInfo=1+10+2008+30+access+authent+point+r2+radiu+wireless
I still get the same error.
access is denied  X staus :failed
the error logs as:
Certificate enrollment for Local system failed to enroll for a DomainControllerAuthentication certificate with request ID N/A from WINPDC.domain.co.nz\domain-WINPDC-CA (Access is denied. 0x80070005 (WIN32: 5)).
I have tried to check the templates rights in ADSIedit, but cannot find them
http://blogs.technet.com/b/askds/archive/2009/03/05/successful-errors-installing-windows-server-2008-certificate-authority.aspx

Any ideas?
cplitAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Adam BrownSr Solutions ArchitectCommented:
http://technet.microsoft.com/en-us/library/cc731522.aspx has some information on working with Autoenrollment, which you can use with an Enterprise CA. The certificate templates can be viewed using the Certificate Templates MMC snapin. Both your account and the Computer account must have Enroll permissions to manually generate a certificate through the CA, and autoenroll permissions on the template to use autoenrollment.
0
cplitAuthor Commented:
Hi ACBROWN2010,
Thanks for your suggestions, but there is no change.
Updated the default policy, as the link instructs. Ran gpudate /force, then ran RSOP.msc. The settings were shown as what i had changed them too.
I have explicitly defined my rights and the enterprise CA's for the autoenroll permissions and manual generate, as mentioned.
Still fails.
Application error log shows:
Certificate enrollment for Local system failed to enroll for a DomainControllerAuthentication certificate with request ID N/A from WINPDC.domain.co.nz\domain-WINPDC-CA (Access is denied. 0x80070005 (WIN32: 5)).
0
Svet PaperovIT ManagerCommented:
I’ve just answered a similar question about Web enrollment: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26944510.html?cid=1578
 It’s not the same problem you have but the procedure might help.  
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

cplitAuthor Commented:
Thanks for that spaperov, i will check it out tomorrow. See if that fixes the problem.
0
cplitAuthor Commented:
Hi Sparerov,
I get the same error, access is denied, as mentioned above.
It looks  like i have missed something, damned if i can figure it out.
Could it be what i mentioned in my orginal post ,of using standard server (2008 r2) rather than Enterprise. Could that the issue?
0
Adam BrownSr Solutions ArchitectCommented:
Possibly. I'll have to check it (in the morning) but with Windows 2003 you couldn't *have* an Enterprise Root CA on Standard edition. Had to be Enterprise edition.
0
Svet PaperovIT ManagerCommented:
acbrown2010 is right, you need Windows Server 2008 Enterpise edition in order to have Enterprise Root CA and certificates version 2 or 3. I somehow missed this in your initial post. Here is a link to Windows Server 2008 Active Directory Certificate Services Step-By-Step Guide (Word document): http://www.google.ca/url?sa=t&source=web&cd=5&ved=0CEQQFjAE&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2Fb%2Fb%2F5%2Fbb50037f-e4ae-40d1-a898-7cdfcf0ee9d8%2FWS08_STEP_BY_STEP_GUIDE%2FWS08ActiveDirectoryCertificateServicesStep-By-StepGuide_En.doc&rct=j&q=enterprise%20root%20ca%20windows%20server%202008&ei=m1CkTbvqLsry0gGs8p3pCA&usg=AFQjCNE_jzdRs8RNPe3r9rbQ2gIThWAgFw&sig2=oWxDwXEwL9LKTdcOwH24Yw&cad=rja
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.