Solved

Windows Certificate Authority migration from Windows 2003 to Windows 2008 fails

Posted on 2014-12-12
Last Modified: 2015-04-22
Source server was Windows 2003 DC configured as an Enterprise CA.  Customer needed to move it off of the DC to Windows 2008 R2 to dcpromo the old server.

I followed all of the steps in the TechNet articles and all appeared to go well; however, when I tested post-restore I received the following error from a client when I attempted to request a cert from a template. The error was as follows:

Status:Unavailable
The permissions on the certificate do not allow the current user to enroll for this type of certificate.  You do not have permission to view this type of certificate.  

Found no errors in the event log.

When prepping for the migration, the TechNet doc stated it was sufficient to simply document all of the templates with a screenshot, which is what I did. I found another document that stated to use certutil to export a list of templates; however, it was too late.

Obviously I have missed something, but what, and how do I fix it without rolling back? The customer does not want to roll back except as a very last resort. I did notice the AD has a number of replication errors along with other problems. Any help would be greatly appreciated. Thanks.
Question by:ENTPF
1 Comment
 
Accepted Solution

by:
Peter Hutchison earned 500 total points
ID: 40497797
You can set the auto-enroll or plain enroll permissions for users or computers within Certificate Authority/Certificate Templates to allow users to enroll for new certificates:

http://technet.microsoft.com/en-us/library/cc753452.aspx
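
A read-only way to check the permissions the answer refers to, added here as an example and not part of the original answer: the script lists every principal that holds the Enroll or Autoenroll extended right on each certificate template in Active Directory. It assumes PowerShell 3.0 or later on a domain-joined host and an account that can read the configuration partition; the variable names are illustrative.

```powershell
# Added example (read-only): who can Enroll / Autoenroll on each certificate template.
# Assumption: domain-joined host, account with read access to the AD configuration partition.
$rightNames = @{
    '0e10c968-78fb-11d2-90d4-00c04f79dc55' = 'Enroll'      # Certificate-Enrollment
    'a05b8cc2-17bc-4802-a710-e7c15ab866a2' = 'Autoenroll'  # Certificate-AutoEnrollment
}
$extended = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$sidType  = [System.Security.Principal.SecurityIdentifier]
$ntType   = [System.Security.Principal.NTAccount]

# Templates live in the forest-wide configuration partition, not in the domain partition.
$configNC  = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$container = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
$searcher  = [adsisearcher]'(objectClass=pKICertificateTemplate)'
$searcher.SearchRoot  = $container
$searcher.SearchScope = 'OneLevel'
$searcher.PageSize    = 500

$report = foreach ($hit in $searcher.FindAll()) {
    $template = $hit.GetDirectoryEntry()
    # Request SIDs rather than names so an orphaned SID cannot abort the whole listing.
    $rules = $template.psbase.ObjectSecurity.GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.ActiveDirectoryRights -band $extended) -eq 0) { continue }

        # An empty ObjectType means the ACE grants every extended right (e.g. Full Control).
        if ($ace.ObjectType -eq [Guid]::Empty) { $right = 'All extended rights' }
        else { $right = $rightNames[$ace.ObjectType.ToString()] }
        if (-not $right) { continue }

        # Resolve the SID to a name; keep the raw SID if it no longer maps to an account.
        try { $who = $ace.IdentityReference.Translate($ntType).Value }
        catch { $who = "$($ace.IdentityReference.Value) (unresolved SID)" }

        [pscustomobject]@{
            Template  = [string]$hit.Properties['cn'][0]
            Principal = $who
            Right     = $right
        }
    }
}
$report | Sort-Object Template, Principal | Format-Table -AutoSize
```

A template with no Enroll row for the requesting user or any of their groups is where to look first for the "permissions on the certificate do not allow the current user to enroll" message quoted in the question.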