Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Windows Certificate Authority migration from Windows 2003 to Windows 2008 fails

Posted on 2014-12-12
1
97 Views
Last Modified: 2015-04-22
Source server was Windows 2003 DC configured as an Enterprise CA.  Customer needed to move it off of the DC to Windows 2008 R2 to dcpromo the old server.

I followed all of the steps in the Technet articles and all appeared to go well, however when I tested post restore I received the following error from a client when I attempted to request a cert from a template.  The error was as follows:

Status:Unavailable
The permissions on the certificate do not allow the current user to enroll for this type of certificate.  You do not have permission to view this type of certificate.  

Found no errors in the event log.

When prepping for the migration the Technet doc stated it was sufficient to simply document with a screenshot all of the Templates which is what I did.  I found in another document that stated to use certutil to export a list of templates however it was too late.

Obviously I have missed something but what and how to I fix it without rolling back.  The customer does not want to roll back except as a very last resort.  I did notice the AD has a number of replication errors along with other problems.  Any help would be greatly appreciated.  Thanks.
0
Comment
Question by:ENTPF
1 Comment
 
LVL 19

Accepted Solution

by:
Peter Hutchison earned 500 total points
ID: 40497797
You can set the auto-enroll or plain enroll permissions for users or computers with in Certificate Authority/Certificate Templates to allow users to enroll for new certificates:

http://technet.microsoft.com/en-us/library/cc753452.aspx
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question