"No Certificate Templates Could Be Found" error message when a user requests certificate from CA Web enrollment pages

Posted on 2011-05-11
Medium Priority
Last Modified: 2012-05-11
I am trying to renew my LCS certificate because it expires tomorrow morning.I have been trying to follow the information in this link.


I was following section four which is titled "4. If the customer has a 2003 Enterprise Edition, Enterprise CA." When I go to http://server/certsrv, I get the error "no certificate templates could be found you do not have permission to request a certificate from this ca or an error occurred while accessing the active directory" so I am unable to request the new certificate.

I also tried following step three titled "3. If the customer has a 2003 Standard Edition, Enterprise CA" and I was able to create the certificate and install it. However instead of being good for a year, the new certificate expires tomorrow morning just like the current one that is being used. Not sure why that happened.

I was trying to follow directions at this link.


However, I don't understand this part of it.

View the Active Directory dNSHostName attribute on the pkiEnrollmentService object. This object is in the following location:
CN=CertificateServer,CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=MyDomain,DC=com

I opened ASDIedit but I am unable to find the place for the dNSHostName attribute.


Question by:JustinGSEIWI
  • 2

Author Comment

ID: 35741764
I was reading a Microsoft article and it said "A CA cannot issue a certificate with a longer validity period than its own CA certificate." I think this is the reason the new certificate I created will expire tomorrow. Looking at the CA list of issued certificates, all the certificates expire tomorrow. So I think what needs to be done is that some sort of main certificate needs to be renewed. I am not sure if this will occur automatically or if I need to do something.

Accepted Solution

JustinGSEIWI earned 0 total points
ID: 35742713
I found what I needed in the two links below. First I needed to renew my CA and then I could renew my certificate for communications server.


Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question