Getting an access denied message when trying to manually publish a CRL in AD CS

ndalmolin_13
ndalmolin_13 used Ask the Experts™
on
Hello Certificate Experts,

I’m having an issue publishing the CRL from my enterprise certificate authority.  When I go to manually publish the CRL, I get the following access denied message:
CRL-Access-Denied.png
The configurations on the enterprise CA for the CRL distribution point are as follows:
CRL-Distribution-Point-Config.png
The enterprise certificate authority also hosts the web page for the CRL.  The folder for the web page is on the D drive of the server and it is named pki.  The share and NTFS permissions for this folder are as follows:

Share permissions:
PKI-Share-Permissions.png

NTFS Permissions:
pki-ntfs-permissions.png

Everything I have read states that the computer account of the CA needs to have the permissions listed above.  The computer name is XXXX-SUBCA1.  I'm hoping another set of eyes can see what I'm missing.

Thanks for your help.
Nick
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Technical Lead - Network Support
Commented:
Hi,

Do the CA server has NTFS & Share WRITE permission on the CertEnroll (C:\windows\system32\certsrv\certenrol) folder?

Also refer, it may help:-https://technet.microsoft.com/en-us/library/cc772603(WS.10).aspx

Thanks,

Author

Commented:
I look good on the share and NTFS permissions on the certenroll folder (screen shots below);

certenrol-share.png

Certenrol-NTFS.png
I will read through the link you provided.

Thanks for your help.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial