Re: Complicated root CA issue..

From: =pathfinder= (pathfinder_at_discussions.microsoft.com)
Date: 06/07/05 

Date: Tue, 7 Jun 2005 13:07:28 -0700

Thanks Steven, that did the trick.
one other thing: why is it that if i choose the advanced option and
manually choose a different (subordinate) CA to give me the cert it fails
complaining of "you do not have permission to do this or the CA is not
running"? When i try the process again but choose the default options (uses
the root CA) it all works?

"Steven L Umbach" wrote:

> Assuming everything is working correctly you could logon to the domain
> controller as a domain admin and then use the mmc snapin for certificates
> for computer to request a domain controller certificate. Go to the
> personal/certificates folder, right click, select all tasks - request new
> certificate and select domain controller certificate. --- Steve
>
>
> "=pathfinder=" <pathfinder@discussions.microsoft.com> wrote in message
> news:4FE024BE-8CD0-42D2-BC96-229A4F95E885@microsoft.com...
> > Ok, we have 6 DC's. I built 3 in the last year but a previous admin built
> > the original 3 DC's. I have an enterprise Root CA, it has issued Domain
> > Controller certs to the 3 DC's I built but I can't get Domain Controller
> > certs to the original 3 DC's. I created an enrollment policy for the
> > Domain
> > Controller certs but only 1 of the original DC's picked that up.
> >
> > I really need to get Domain Controller certs on all my DC's as I am
> > deploying WPA-Radius WiFi and need to use PEAP to authenticate my users.
> > The
> > PEAP works fine on a DC that has its cert will PEAP can't be configured on
> > a
> > DC with out the cert.
> >
> > Any ideas on what I can do to force a Domain Controller cert onto the 3
> > original DC's?
> > How do I request a Domain Controller cert manually?
> >
>
>
>

Relevant Pages

  • Re: Best Practice approach in Replacing an Enterprise CA
    ... reinstalling on another server. ... Autoenrollment for the Domain Controller certificate did not occur anymore, ... cert on the personal store issued by the previous ent root CA. ...
    (microsoft.public.windows.server.security)
  • Auto enrollment Domain Certificate not working (error 13)
    ... Hi we have problem with getting the domain controller to get Certs. ... If we manually try to get a cert from a dc(Certificate Enrollment,Domain ... net start certsvc ... Restart certsvc and when it started and we run the command above it says ...
    (microsoft.public.windows.server.active_directory)
  • Auto enrollment Domain Certificate not working (error 13)
    ... Hi we have problem with getting the domain controller to get Certs. ... If we manually try to get a cert from a dc(Certificate Enrollment,Domain ... net start certsvc ... Restart certsvc and when it started and we run the command above it says ...
    (microsoft.public.security)
  • Re: Manually removing cert server from AD
    ... I don't think cert is required for AD services except you have applications ... that requires certificate to use AD for authentication. ... server wont cause some authentication issues for my existing AD ... system failed to enroll for one Domain Controller certificate ...
    (microsoft.public.windows.server.active_directory)
  • Re: Manually removing cert server from AD
    ... Maybe i should ask it this way - is a cert server required for AD services? ... system failed to enroll for one Domain Controller certificate ... and TS servers and see that they have a local computer certificate ...
    (microsoft.public.windows.server.active_directory)
Quantcast