Solved

Microsoft Certificate Authority - New Template for VMware vSphere SSL Certificates

Posted on 2015-01-05
Last Modified: 2015-01-18
Unable to issue/enable new template. Newly created template does not appear.

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2062108

Doesn't appear to be a replication issue. All domain controllers have the newly created template. Adequate time has passed.

The newly created template is a duplicate of the default Web Server template with some modifications per VMware KB 2062108.

"Supply in the request" yes

"Enroll allow permissions" yes

Windows Server 2012 R2

Any and all input appreciated.

Thank you,

Caleb Meadows
0
Question by:CogentCoIT
7 Comments
 
LVL 76

Expert Comment

by:arnold
What are you expecting? The web template is not available for auto enroll.

You can use the certsrv url to submit the csr for signature.

I guess I am missing what you are asking.
Replication has nothing to do with CA templates unless these DCs are subordinate/issuing CAs.
0
 

Author Comment

by:CogentCoIT
Thank you for your prompt response Arnold. My apologies if I was not clear. Please see attached PDF document that includes screenshots.

After duplicating the Web Server template to create the VMware-SSL template including the modifications requested by VMware per:

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2062108

The newly created VMware-SSL template does not appear in the list to be enabled on the certificate authority.

In addition, the newly created VMware-SSL certificate is not an available template to choose from the certsrv url.

I'm following this article to issue Microsoft CA signed certificates to my VMware vSphere environment.

http://theithollow.com/2014/08/create-vmware-ssl-certificate-requests/#comment-22551
Experts-Exchange.pdf
0
 
LVL 76

Expert Comment

by:arnold
What name did you give this template?  
Might you have overwritten the default web server template?


If you go back to the certtemplate MMC, do you see the vmware template listed there?
0
 

Author Comment

by:CogentCoIT
What name did you give this template?  VMware-SSL

Might you have overwritten the default web server template? Not a chance
0
 
LVL 76

Expert Comment

by:arnold
Is the template listed in the template creation interface?
Check the properties of the newly created template. Permissions.
Not sure what is preventing it from being displayed; see if refreshing the list or loading the certca MMC anew will reflect the newly created template in the manage section.
0
 

Accepted Solution

by:
CogentCoIT earned 0 total points
Known bug/fix identified by Microsoft support:

From a domain controller, launch ADSIEdit.msc, then expand CN=Configuration | CN=Services | CN=Public Key Services | CN=Enrollment Services. Right-click the CA in the right pane that you want to enroll from and click Properties. Find the flags attribute and verify that it is set to 10. If it isn't set to 10, then set it to 10 using ADSIEdit.msc and allow for Active Directory replication to complete.
0
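The ADSI Edit check in the accepted solution can also be scripted. The following PowerShell is an added example, not part of the original thread or of Microsoft's guidance; it assumes the RSAT ActiveDirectory module, an account permitted to write to the Configuration partition, and that the template's CN matches the name given in the thread. `$Apply` is a hypothetical switch introduced here.

```powershell
# Added example: audit (and optionally correct) the flags attribute on each
# enrollment services object, as described in the accepted solution.
Import-Module ActiveDirectory

$ExpectedFlags = 10            # value given in the accepted solution
$TemplateName  = 'VMware-SSL'  # template name from the thread (assumed to equal its CN)
$Apply         = $false        # hypothetical switch: set to $true to write the change

# CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,<forest>
$configNC   = (Get-ADRootDSE).configurationNamingContext
$searchBase = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

$cas = Get-ADObject -SearchBase $searchBase -SearchScope OneLevel `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' `
    -Properties flags, certificateTemplates, dNSHostName

foreach ($ca in $cas) {
    # One report row per CA: current flags and whether the template is
    # already listed in the CA's certificateTemplates attribute.
    [pscustomobject]@{
        CA                = $ca.Name
        Host              = $ca.dNSHostName
        Flags             = $ca.flags
        FlagsOk           = ($ca.flags -eq $ExpectedFlags)
        TemplatePublished = ($ca.certificateTemplates -contains $TemplateName)
    }

    if ($ca.flags -ne $ExpectedFlags) {
        # Same edit as the ADSI Edit step; -WhatIf previews it unless $Apply is $true.
        Set-ADObject -Identity $ca.DistinguishedName `
            -Replace @{ flags = $ExpectedFlags } -WhatIf:(-not $Apply)
    }
}
```

After a change is written, allow Active Directory replication to complete before reopening the Certification Authority console, as the solution states.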
 

Author Closing Comment

by:CogentCoIT
Comment Utility
Known bug; however, Microsoft has failed to publish a KB article in relation to this specific issue and fix.
0
