Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows Certificate Authority migration from Windows 2003 to Windows 2008 fails

Posted on 2014-12-12
1
Medium Priority
?
109 Views
Last Modified: 2015-04-22
Source server was Windows 2003 DC configured as an Enterprise CA.  Customer needed to move it off of the DC to Windows 2008 R2 to dcpromo the old server.

I followed all of the steps in the Technet articles and all appeared to go well, however when I tested post restore I received the following error from a client when I attempted to request a cert from a template.  The error was as follows:

Status:Unavailable
The permissions on the certificate do not allow the current user to enroll for this type of certificate.  You do not have permission to view this type of certificate.  

Found no errors in the event log.

When prepping for the migration the Technet doc stated it was sufficient to simply document with a screenshot all of the Templates which is what I did.  I found in another document that stated to use certutil to export a list of templates however it was too late.

Obviously I have missed something but what and how to I fix it without rolling back.  The customer does not want to roll back except as a very last resort.  I did notice the AD has a number of replication errors along with other problems.  Any help would be greatly appreciated.  Thanks.
0
Comment
Question by:ENTPF
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 20

Accepted Solution

by:
Peter Hutchison earned 2000 total points
ID: 40497797
You can set the auto-enroll or plain enroll permissions for users or computers with in Certificate Authority/Certificate Templates to allow users to enroll for new certificates:

http://technet.microsoft.com/en-us/library/cc753452.aspx
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question