Solved

How can I remove the field 'include e-mail address from a template' on a Windows Server 2012 R2 CA ?

Posted on 2014-12-09
2
179 Views
Last Modified: 2014-12-15
I am using a Windows Server 2012 R2 subordinate CA in my enterprise.  Some certificates failed which I discovered to be caused by the active template check box "Include e-mail address - Yes".  Simply deleting the issued certificate template, and creating another does not clear the issue.

Creating the file CAPolicy.inf as shown below, followed by a reboot also does not clear the problem.

[Version]
Signature="$Windows NT$"
[Certsrv_Server]
LoadDefaultTemplates=0

Any assistance would be appreciated.  Thank you.
0
Comment
Question by:LukeMo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40492101
Some certificates template require custom request such as web server template

Some certificate do require that certificate subject to be generated from AD attribute automatically such as user and workstation authentication

Now if you have duplicated templates which do not require automated information from AD such as Web Server and if you force them to supply info from AD, they will get fail most probably

U can check default certificates in CA snap-ins to identify if certificate requires custom information or it will built from AD

Also for those templates where email is required to build certificate subject, email address must exists in user properties or else request will fail
http://technet.microsoft.com/en-us/library/cc725621(v=ws.10).aspx
0
 
LVL 1

Author Closing Comment

by:LukeMo
ID: 40500803
the link you provided helped quite a bit.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question