Solved

Cannot request certificates

Posted on 2014-09-08
6
3,993 Views
Last Modified: 2014-09-09
Hi
If I go on my http://CAservername/certsrv, and click on "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.", I get this error:

"No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory"

My CA server is a domain member (not a DC) Windows 2008 R2 server. Using the Certificate Template Console, all templates are present.

Thanks for helping,

Sebastien
0
Comment
Question by:deewave
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 6

Expert Comment

by:Steve Whitcher
ID: 40310030
When you access the certsrv page, are you doing so as a standard user or an administrator?
Is there a specific template you're trying to use?
If you know the template you need, pull up the properties of that template in the Certificate Templates snap-in.  On the security tab, confirm that the account you are using has permission to enroll a certificate with that template.

Regarding the last part: "Using the certificate template console, all templates are present" - The certificate templates console lists templates that exist on the server, but not all of those templates are necessarily available to be issued by the server.  Check in the Certification Authority snap-in.  Expand your server name, and select the Certificate Templates folder.  Here you'll find a list of templates that the server can issue.  If the template you need is not listed here, right click and select "New > Certificate Template to Issue".  From there you can select a template from the templates that are listed in the certificate template snap-in.
0
 

Author Comment

by:deewave
ID: 40310074
Hi Steve
Thanks for the quick reply

I'm doing it as an administrator. I would use the Web Server template, but their is no template available in the drop-down list.
templates.jpg
Yes I verified the permission for the template and I (administrator) do have the rights

In the Certification Authority snap-in, the template is listed
certificate.jpg
Thanks,
Sebastien
0
 
LVL 6

Accepted Solution

by:
Steve Whitcher earned 500 total points
ID: 40310201
Unfortunately, there are quite a variety of problems which might cause the behavior you're seeing.  Hopefully a few more questions can help to narrow it down:

Is this a single forest/single domain environment?  If not, is the CA in the root domain or a child domain?  How about the admin account you're using?

Are you being prompted to log into the certsrv web page at any point?  If not, check the authentication settings in IIS manager for the CertSrv site.  If Anonymous Authentication is enabled, you may not actually be authenticating to the web site with your domain account, which would explain why you don't have the right permissions.  

It could be helpful to check your IIS logs  - %SystemDrive%\inetpub\logs\LogFiles\w3svc1\ - You should find a record of the individual requests coming in to the server.  Find the time stamps that match your request (the logs will be recorded in UTC, so adjust for your time zone as needed.)  It should include the account used to authenticate to the server.  Is it the account you expected?

Another thing you could try would be creating a duplicate of the Web Server template, and allowing Everyone read and enroll permissions.  Then go to the Certificate management snap-in and right click "Certificate Templates", select "New > Certificate Template to Issue", and choose the newly created template.  Restart the Certificate Services, then check the web site again.

Lastly, have you checked event viewer on the server for any errors that might be relevant?  

Steve
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:deewave
ID: 40310400
I've rebooted the server, and now everything is fine!!??

Oh well... thanks for your help Steve.

Sebastien
0
 
LVL 6

Expert Comment

by:Steve Whitcher
ID: 40310407
Glad you got it working!
0
 

Author Closing Comment

by:deewave
ID: 40311990
I'll accept Steve's solution, because he did suggest to have a look at the Event Viewer ("Lastly, have you checked event viewer on the server for any errors that might be relevant?"). If I did, I'd have seen that my server was achy and needed a reboot.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question