Solved

Microsoft Certificate Authority - New Template for VMware vSphere SSL Certificates

Posted on 2015-01-05
7
179 Views
Last Modified: 2015-01-18
Unable to issue/enable new template. Newly created template does not appear.

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2062108

Doesn't appear to be an replication issue. All domain controllers have the newly created template. Adequate time has passed.

The newly created template is a duplicate of the default Web Server template with some modifications per VMware KB 2062108.

"Supply in the request" yes

"Enroll allow permissions" yes

Windows Server 2012 R2

Any and all input appreciated.

Thank you,

Caleb Meadows
0
Comment
Question by:CogentCoIT
  • 4
  • 3
7 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 40532855
What are you expecting, the web template is not available for auto enroll.

You can use the certsrv url to submit the csr for signature.

I guess I am missing what you are asking.
Replication has nothing to do with CA templates unless these DCs are subordinate/issuing CAs.
0
 

Author Comment

by:CogentCoIT
ID: 40533708
Thank you for your prompt response Arnold. My apologies if I was not clear. Please see attached PDF document that includes screenshots.

After duplicating the Web Server template to create the VMware-SSL template including the modifications requested by VMware per:

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2062108

The newly created VMware-SSL template does not appear in the list to be enabled on the certificate authority.

In addition; the newly created VMware-SSL certificate is not an available template to choose from the certsrv url.

I'm following this article to issue Microsoft CA signed certificates to my VMware vSphere environment.

http://theithollow.com/2014/08/create-vmware-ssl-certificate-requests/#comment-22551
Experts-Exchange.pdf
0
 
LVL 77

Expert Comment

by:arnold
ID: 40533749
What name did you give this template?  
Might you have overwritten the default web server template?


If you go back to the certtemplate MMC, do you see the vmware template listed there?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:CogentCoIT
ID: 40533756
What name did you give this template?  VMware-SSL

Might you have overwritten the default web server template? Not a chance
0
 
LVL 77

Expert Comment

by:arnold
ID: 40533781
Is the template listed in the template creation interface?
Check the properties of the newly created template. Permissions.
Not sure what is  preventing it from being display, see if refreshing the list or loadin the certca mmc a new will reflect the newly created template in the manage section.
0
 

Accepted Solution

by:
CogentCoIT earned 0 total points
ID: 40547486
Known bug/fix identified by Microsoft support:

From a domain controller; launch ADSIEdit.msc, then expand CN=Configuration | CN=Services | CN=Public Key Services | CN=Enrollment Services. Right click the CA in the right pane that you want to enroll from and click properties. Find the flags attribute; and verify that it is set to 10. If it isn't set to 10, then set it to 10 using ADSIedit.msc and allow for Active Directory replication to complete.
0
 

Author Closing Comment

by:CogentCoIT
ID: 40556001
Known bug however Microsoft has failed to publish a KB article in relation to this specific issue and fix.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a hurry?.. scroll down to "HERE's HOW TO DO IT" Section. Greetings All, I was going to post this as question/solution, but its seems more appropriate as an article considering its length.  I felt it important to illucidate all the details c…
Have you ever had a hard drive that you can't boot into, but need to change the registry? Here is the solution! This article guides you through accessing and editing a registry of a non-primary drive. To read registry information on a non-prim…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now