Entrust Entelligence 9 on Win 7 could not find Certification Authority

Same epf is working on WinXP, but not on Win 7, and both PCs are in the same network segment

You may want to see if below help e.g. pkiview
@ http://blogs.technet.com/b/pki/archive/2011/02/28/quick-check-on-adcs-health-using-enterprise-pki-tool-pkiview.aspx

How to import third-party certification authority (CA) certificates into the Enterprise NTAuth store @ http://support.microsoft.com/kb/295663

Also not the FW rules for Active Directory Certificate Services
@ http://blogs.technet.com/b/pki/archive/2010/06/25/firewall-roles-for-active-directory-certificate-services.aspx

Another means I was thinking is request certificates from a Windows-based certification authority (CA), you use the CA Web enrollment pages (assuming that is running in CA provisioning in your infra). E.g. https://servername/certsrv, where servername is the name of the server hosting the CA Web enrollment pages. We can try servername based on IP direct and its FQDN name. Both should work
@ http://technet.microsoft.com/en-us/library/cc770647.aspx

I located two applications "eesystry" and "eecwatch" generated error message "could not find Certification Authority". Looking into the log file, it said "PKI Configuration Data is missing from the registry".
Is there any reference that I can manually add this PKI configuration data inregistry to show both applications where the Certificate Authority?

I was thinking using pkiview to see what is working in the xp based on the necessary ntstore and fields needed. Then run it again in win7 to see what is missing...at least the backend is fine...

http://blogs.technet.com/b/pki/archive/2011/02/28/quick-check-on-adcs-health-using-enterprise-pki-tool-pkiview.aspx

I don't really recommend touching the registry or schema unnecessarily, you should raise the suppory to the entrust folks even initially.  

Coming back, There is also certutil.exe

The certification utility (certutil.exe) command allows you to determine the validity of issued certificates through the use of two switches:

certutil -verify –urlfetch

Using the –verify –urlfetch FileName switch allows you to see the output of the URL for each certificate. If it succeeds, it will display a “verified” output. If it fails, it will display an “error” output.

certutil -viewstore

The –viewstore output allows you to see the contents of a specific Active Directory Domain Services store or object, which lets you choose to view all certificates in that store.

If the certutil command does not function correctly, or you do not have a certificate, you will receive an error message that it failed.

Why I also say support should be better position since this is specific to the product though it uses the Windows Crypto API and has its interface to it. The tools so far (including the one link below) is more of example on the scenario using Windows CA not the Entrust application/CA. Will be good to see if error codes can help from event viewer (application or security) any specific application errors flagged out

http://blogs.msdn.com/b/windowsvistanow/archive/2008/04/08/troubleshooting-certificate-enrollment.aspx

Entrust in Windows
http://entrust.wpengine.netdna-cdn.com/wp-content/uploads/2013/05/esp_overview.pdf

Application Configuration
Security Provider will not use the traditional Entrust technique of storing configuration data in the entrust.ini file. While the entrust.ini file is simple to edit and easily ported to different systems and platforms, it has some limitations. The biggest limitations are that it can only contain data for one PKI and it is not easily managed remotely.

To overcome these limitations Security Provider will not use an “ini” file and configuration data will be stored in the Windows registry. The data will be stored to allow for multiple PKIs and remote management via common registry tools or Group Policy in an environment where Microsoft Active Directory is deployed.

Application configuration data will be stored in the Windows registry in both the machine and user settings. The machine settings will be used to store global configuration data included with the setup package and the user settings will be used to store per user configuration data generated at runtime.

Security Policy
Security Provider supports configuration data that is specified in Entrust policy certificates, which enforce settings such as password rules and inactivity timeout settings. The policy certificates will be stored in the CryptoAPI certificate store and data is customized by the Entrust Administrator in Entrust Authority on a per role basis.

FYI, (sidetracking) Understand that Entrust has a Entrust Solo based on self signed cert and does not communicate with a CA or other Public Key Infrastructure components. May be simpler if is for testing only. Solo has its own registry (pg 5 in link)

http://entrust.wpengine.netdna-cdn.com/wp-content/uploads/2013/05/eesolo_91_FAQs.pdf

The suggestion of Entrust reminded for alternative, and reminded me to check the reliability of installation package. It was solved after locateing the original installation package, and verified. Thanks