lkpdtechdiv
asked on
Windows 7 Enrollment Agent
I've got a Server 2008 R2 Enterprise Certificate server. I'm trying to setup my workstation to be an enrollment agent so I can enroll on behalf of other users from the Certificate Manager snap-in.
Here's what I've done so far.
My user account is a Domain Admin, and I've verified that Domain Admins have Read/Enroll permissions for the Enrollment Agent template and the template that I want to enroll on behalf of.
From my workstation, I've requested and received an Enrollment Agent certificate, and it currently resides in my Local User -> Personal -> Certificate store.
When I try and "Enroll on Behalf of," I am unable to see that Enrollment Agent certificate (see attached screenshot).
I've tried placing the Enrollment Agent Certificate in almost every local certificate store, and I still can't select it when enrolling on behalf of another user.
I logged in as the Domain Administrator account on the CA server, requested an Enrollment Agent Certificate, and am able to enroll on behalf of other users just fine, but only when logged into the CA server as the Domain Admin.
I haven't tested logging in as myself on the CA server, or logging on to my workstation as Domain Admin to narrow down if it is the Account or the Computer that is enabling me to EOBO when logged in as Domain Admin on the CA server.
Any advice is appreciated.
Thanks!
Capture.PNG
Here's what I've done so far.
My user account is a Domain Admin, and I've verified that Domain Admins have Read/Enroll permissions for the Enrollment Agent template and the template that I want to enroll on behalf of.
From my workstation, I've requested and received an Enrollment Agent certificate, and it currently resides in my Local User -> Personal -> Certificate store.
When I try and "Enroll on Behalf of," I am unable to see that Enrollment Agent certificate (see attached screenshot).
I've tried placing the Enrollment Agent Certificate in almost every local certificate store, and I still can't select it when enrolling on behalf of another user.
I logged in as the Domain Administrator account on the CA server, requested an Enrollment Agent Certificate, and am able to enroll on behalf of other users just fine, but only when logged into the CA server as the Domain Admin.
I haven't tested logging in as myself on the CA server, or logging on to my workstation as Domain Admin to narrow down if it is the Account or the Computer that is enabling me to EOBO when logged in as Domain Admin on the CA server.
Any advice is appreciated.
Thanks!
Capture.PNG
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Seth Simmons
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.