Solved

Domain CA won't issue certs

Posted on 2015-02-18
Last Modified: 2015-02-18
Hello,

I was trying to make a new cert template today and it would only issue for 1 year out. I noticed the root cert only had a date for a year out also. So on the CA I clicked the Renew CA certificate. This ran through without any issues. Now when I try to request a new certificate it won't work. It doesn't show any templates available. If I click show all, the computer certificate says "The permissions on this certificate authority do not allow the current user to enroll for certificates." If you look at the attachment there is a little more to the error. We didn't change anything except renewing the CA cert so I am not sure what broke. I checked all the permissions I could find and don't see anything obvious. Does anyone have anything to try?
Thanks in advance.
cert-error.JPG
Question by:Tim Lewis
Author Comment

by:Tim Lewis
ID: 40617728
Other info... Windows 2008 R2 DC with 2008 AD. Trying to request public cert for web services on another Windows 2008 R2 server.

Accepted Solution

by:Rich Weissler earned 2000 total points
ID: 40617862
First thought: within the CA MMC, for your CA, go to the Revoked Certificates, right click, all tasks, and Publish -- A New CRL.

If you open the properties of the CA, does it still show both the old and the new CA certificates in the general tab?

And just to double check... have you stopped and restarted the CA service?

And because changing the Root CA means a new root certificate has to be propagated thru your domain, have you tried a gpupdate /force on the web server?

I can't seem to force my test CA to renew, so I can't reproduce the problem... but still looking to see if I can find a more definitive solution.
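The steps from the answer above as commands, as an added example that is not part of the original thread. It assumes an elevated PowerShell session, that the first function is run on the CA and the second on the enrolling server, and the function names and the `<CAHost>\<CA name>` config string are placeholders chosen here.

```powershell
# Added example, not from the thread. Function names are hypothetical.

function Assert-NativeSuccess([string]$Step) {
    # certutil and gpupdate are native tools: they report failure through the exit code.
    if ($LASTEXITCODE -ne 0) { throw "$Step failed (exit code $LASTEXITCODE)" }
}

function Repair-CaAfterRenewal {
    # Run on the CA itself.
    # Restart AD CS so the service is running with the renewed CA certificate.
    Restart-Service -Name CertSvc
    Get-Service -Name CertSvc | Format-List Name, Status

    # CA information, to check the CA certificates after the renewal
    # (the GUI check is the General tab of the CA properties).
    certutil -CAInfo
    Assert-NativeSuccess 'Display CA info'

    # Same action as Revoked Certificates > All Tasks > Publish > New CRL.
    certutil -CRL
    Assert-NativeSuccess 'Publish new CRL'

    # Where the CA writes CRLs, and which templates it currently offers.
    certutil -getreg CA\CRLPublicationURLs
    Assert-NativeSuccess 'Read CRL publication URLs'
    certutil -CATemplates
    Assert-NativeSuccess 'List CA templates'
}

function Update-EnrollmentClient {
    # Run on the machine requesting the certificate (the web server in the question).
    param(
        # Placeholder: supply your own value in the form "<CAHost>\<CA name>".
        [Parameter(Mandatory)] [string]$CaConfig
    )
    # Reapply Group Policy, which carries the domain's trusted-root and enrollment settings.
    gpupdate /force
    Assert-NativeSuccess 'Group Policy refresh'

    # Pulse autoenrollment events so the client re-evaluates enrollment now.
    certutil -pulse
    Assert-NativeSuccess 'Autoenrollment pulse'

    # Confirm the CA request interface answers from this machine.
    certutil -config $CaConfig -ping
    Assert-NativeSuccess 'CA ping'
}
```

Call `Repair-CaAfterRenewal` on the CA first, then `Update-EnrollmentClient -CaConfig '<CAHost>\<CA name>'` on the server before retrying the request.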
 

Author Comment

by:Tim Lewis
ID: 40617931
Awesome. I published the new CRL and ran GPupdate /force on both machines and it seems to be working now. I am guessing it was the CRL since I restarted the server once already, which should have forced the GPupdate anyway. Thanks for the help.
Question has a verified solution.
