Unable to request certificates via web enrollment

Hello Experts,

I’m having an issue when I try to request a certificate via my certificate authority’s web.  When I try to submit a certificate request from the web interface, I get the following message:

No certificate templates could be found.  You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.

My environment is as follows:
-      I have a root domain (ABC.com) that really does not have anything in it.
-      I have a child domain (agency.ABC.com) – This is where all of my AD objects reside.
-      I have an offline root CA that is not part of any domain.
-      I have a subordinate CA that is a member of agency.ABC.com.

In troubleshooting the issue, I have done the following:
1.       I have made sure that the dNSHostName attribute on the subordinate CA and the sServerConfig value in the certdat.inc file match exactly.  


2.      On the certificate server, I created a new application pool and changed the application pool identity from ApplicationPoolIdentity to NetworkServices.  I did a reboot after this change.


3.      I made sure that the domain admins group of agency.ABC.com has the same rights in AD Sites and Services – Services – Public Key Services as the domain admin group of ABC.com


4.      I have verified rights on the certificate templates.

At this point, I’ve hit the max frustration level, so I thought I would reach out and see if I could find some help.  Any suggestions would be greatly appreciated.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ndalmolin_13Author Commented:
I went through the comments on the link provided above.  I did not have the SSL configured.  I configured that, but I'm still getting the same message.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.