Ryan Mignosa

Active Directory Certificate Services 2012 R2 post installation help

I have a new Enterprise Root certificate server and need assistance configuring it. Other than installing the certificate authority and CA web enrollment roles, not much else has been done. All installation guides and videos end at the completion of the role installations. I know there's got to be more to do from application security, AD changes, and IIS security.

Currently I'm unable to browse to the website outside the server to request certificates. Also, if I run through the certificate enrollment wizard on a server I can't see the new server by default, and when I check the box to show all enrollment servers it says "you do not have permission to request certificates from this certification authority (CA).  The permissions on this certification authority do not allow the current user to enroll for certificates."

I'm a member of the domain admins and enterprise admins groups.

Lastly, this server stands side by side with another Root CA. The current production CA is Windows Server 2003 and needs to be retired.
Once I get the new CA working and tested, the old one will be decommissioned.
Ganesh Anand
Ryan Mignosa


Thank you for the links provided, Ganesh.

What really helped was the portion that spoke about how long it takes for new templates to be available for use.
This is what happened in my case. After configuring the new root CA I immediately started testing. Unfortunately I couldn't see the new root CA from the client enrollment wizard or it was greyed out. I tried this for 2-3 hours and finally went home.
When I got into the office the next morning I found that all my domain controllers had auto-enrolled and I was able to create a cert using the wizard.

Thanks again

Yes, you are right, it takes time to auto-enroll. Also, if you want to speed it up, you need to restart the root CA. I am glad your problem is resolved. Good luck to you.