techmiss
asked on
Windows CA Migration - Template Problem
Hi All,
I have migrated my Root CA from Windows 2003 DC to a Win Server 2008 R2 member server.
All has gone well but when I click on "Certificate Templates" in the CA console I get the message "Template Information could not be loaded. Â Element Not Found"
When I right click and select "Manage" I get a list of templates on the machine it used to be on....what have I missed?
Cheers
K
I have migrated my Root CA from Windows 2003 DC to a Win Server 2008 R2 member server.
All has gone well but when I click on "Certificate Templates" in the CA console I get the message "Template Information could not be loaded. Â Element Not Found"
When I right click and select "Manage" I get a list of templates on the machine it used to be on....what have I missed?
Cheers
K
ASKER
Hi Thanks,
I already checked that and the Authenticated Users group is in there still.
K
I already checked that and the Authenticated Users group is in there still.
K
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Used flag in registry to ascertain what the original install was - then used this install correct version of CA and restore.
K
K
MS says The behavior can occur because the Authenticated Users group is removed from the template's access control list (ACL). The Authenticated Users group is on a template ACL, by default. (The CA itself is included in this group.) If the Authenticated Users group is removed, the (enterprise) CA itself can no longer read the template in the Active Directory, and therefore, certificate requests can be unsuccessful.
If an administrator wants to remove the Authenticated Users group, each and every CA's computer account must be added to the template ACLs and set to Read.
If authenticated users have been removed from the ACLs of a template, the following errors may be observed when the CA starts and when a certificate is requested against the template.
Also, try this link http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/4e74b829-4868-48ae-a5ba-cd2dc00af932/