RE: Creating Site Server Signing Certificate Template

Permissions were checked-everything is in order, plus I’m using a default
“administrator” account which is part of all admin groups.
I visited the link that you provided, edited the registry but no changes.
As fas as replication it’s been more than a day.


"Miles Li [MSFT]" wrote:


Hello,

I am sorry that I have made a lapse in my previous reply.

From my understanding, you have enabled the signing certificate template
(you can view the enabled template in the CA MMC Certificate Template),
However, when you want to enroll a certificate via web enrollment you can't
find that specific template in the list. Please feel free to correct me if
there is any misunderstandings.

Please check the security on that template according to the following step:

1. Run "certtmpl.msc" in the commend prompt to open template manager.

2. Right click the signing certificate template--->properties--->Security.
Check whether the user account that perform the web enrollment request on
the member server has both READ and ENROLL permission.

Note: By default, Domain admins and Enterprise admins groups have the both
READ and ENROLL permission. This means if you submit the request by a
non-admin user account (standard user account) the template will not shown
in the list for the user has no ENROLL permission. (by default, the
Authenticated Users have the READ permission that is inherited from the
Computer Template)

Meanwhile, please also note that you may experience latency before the
template list gets updated.

281260 A Certificate Request That Uses a New Template Is
Unsuccessful
http://support.microsoft.com/default.aspx?scid=kb;EN-US;281260

Hope it helps.


Sincerely,
Miles Li

Microsoft Online Partner Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


.

Relevant Pages

  • Re: SBS2003Premium Certification Authority from HELL!!!
    ... Can I assume that all the permission of this grey template encountered the ... Microsoft CSS Online Newsgroup Support ... | "No certificate templates could be found. ...
    (microsoft.public.windows.server.sbs)
  • Re: Membership in Admin groups resets Send As permissions - Blackberrys broken for administrator
    ... permission. ... one possible 'best practice' is to remove my 'normal' account ... are non operational with administrator accounts. ... The adminSDHolder object is a template for accounts that have broad ...
    (microsoft.public.exchange.admin)
  • RE: OWA Exchange 2007 - Client Access
    ... Do you access the "room" mailbox or the problematic user's mailbox itself ... when the user keeps getting prompted for logon credencials. ... Add User A account to the list. ... Highlight User A account and assign the Send As and Receive As permission ...
    (microsoft.public.exchange.connectivity)
  • RE: OWA Exchange 2007 - Client Access
    ... Add User A account to the list. ... Highlight User A account and assign the Send As and Receive As permission ... If a user account is a member of one of these administrative groups because ... 2.Please capture the screenshot of OWA logon when the user keeps getting ...
    (microsoft.public.exchange.connectivity)
  • Re: send as permission
    ... The Installation Guide references Exchange 2007 but the instructions are identical for 2003. ... This will give the BESAdmin account the Send As permission for all user objects. ... If you only have 20 users you can set the permission on just those manually or via a script, but you'll have to remember to grant the permission to any future BB users. ...
    (microsoft.public.exchange.admin)
Loading