Solved

How can I remove the field 'include e-mail address from a template' on a Windows Server 2012 R2 CA ?

Posted on 2014-12-09
2
177 Views
Last Modified: 2014-12-15
I am using a Windows Server 2012 R2 subordinate CA in my enterprise.  Some certificates failed which I discovered to be caused by the active template check box "Include e-mail address - Yes".  Simply deleting the issued certificate template, and creating another does not clear the issue.

Creating the file CAPolicy.inf as shown below, followed by a reboot also does not clear the problem.

[Version]
Signature="$Windows NT$"
[Certsrv_Server]
LoadDefaultTemplates=0

Any assistance would be appreciated.  Thank you.
0
Comment
Question by:LukeMo
2 Comments
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40492101
Some certificates template require custom request such as web server template

Some certificate do require that certificate subject to be generated from AD attribute automatically such as user and workstation authentication

Now if you have duplicated templates which do not require automated information from AD such as Web Server and if you force them to supply info from AD, they will get fail most probably

U can check default certificates in CA snap-ins to identify if certificate requires custom information or it will built from AD

Also for those templates where email is required to build certificate subject, email address must exists in user properties or else request will fail
http://technet.microsoft.com/en-us/library/cc725621(v=ws.10).aspx
0
 
LVL 1

Author Closing Comment

by:LukeMo
ID: 40500803
the link you provided helped quite a bit.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Access ACCDE without Encryption 1 25
Domain admin accounts get locked out 35 80
php extract($_REQUEST) 5 88
Best Group or Permissions for Domain User to run Scheduled Task 44 53
Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question