Re: CA web component problems

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 05/08/03 

Date: Thu, 8 May 2003 05:33:46 -0700

Eric:

Is both the web enrollment pages and the certificate authority running
Windows Server 2003? That error usually means the machine account where the
web enrollment pages are installed is not trusted for delegation. We are
looking into this one. 

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Eric Chamberlain" <eric_james_chamberlain@hotmail.com> wrote in message
news:OgJYcmLFDHA.2100@TK2MSFTNGP11.phx.gbl...
> I'm trying to setup a Server 2003 Registration Authority, by installing
the
> Certificate Services Web components.  The CA (Server 2003) is in the W2K
> forest root domain and the RA is in another domain in the same forest.
I've
> enabled the web server for delegation via ADUC and rebooted the machine.
The
> install for the Certificate Services web components runs successfully, I
am
> able to select the Issuing CA.  The Certsrv folder is set to use
Integrated
> Authentication.  But, when I log in as an Enterprise Admin (local Admin on
> both machines) and navigate to the certrqma.asp web page, for example, I
get
> an error message saying that:
>
> An unexpected error has occurred:
> The Certification Authority Service has not been started.
>
>
> The web server has a DCOM error in the event logs:
>
> Event Type: Error
> Event Source: DCOM
> Event Category: None
> Event ID: 10006
> Date:  4/30/2003
> Time:  6:31:03 PM
> User:  MYDOMAIN\aDomainAdmin
> Computer: RA01
> Description:
> DCOM got error "General access denied error " from the computer
> ca.mydomain.edu when attempting to activate the server:
> {D99E6E74-FC88-11D0-B498-00A0C90312F3}
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> The only entry I can find in the CA logs, is a Successful Network Logon by
> the web server using NT AUTHORITY\ANONYMOUS LOGIN.
>
>
>
> --
> Eric Chamberlain, CISSP
> Campus Active Directory Architect
> Central Computing Services
> University of California, Berkeley
> http://calnetad.berkeley.edu
>
>
>

Relevant Pages

  • Re: Should I install Certificate Authority to solve these problems ?
    ... Implementing a PKI requires some thought, server builds, ... > Management is pushing to get Certificate Authority ... You have told them that this requires a minimum of two machines ... > 1) A server management tool can use certificates when the servers ...
    (microsoft.public.win2000.security)
  • Re: Should I install Certificate Authority to solve these problems ?
    ... team was planning to implement IPSec in our Win2003 domain. ... arguing that somebody can "spoof the system and a rogue server could pretend ... >> Management is pushing to get Certificate Authority ... > You have told them that this requires a minimum of two machines ...
    (microsoft.public.win2000.security)
  • Problem with certificates/L2TP VPN
    ... So we have a Windows 2000 RRAS VPN server which has been serving us ... IKE security association negotiation failed. ... Peer Issuing Certificate Authority ...
    (microsoft.public.windows.server.networking)
  • Re: Microsoft Certificate Authority
    ... This posting is provided "AS IS" with no warranties, ... Wherer can i ask question related to Microsoft Certificate Authority? ... installed on windows 2003 Stardard Server 32bit. ...
    (microsoft.public.windows.server.general)
  • Re: Setting up OWA SSL on a non-standard web port.
    ... > advanced server, I setup the win2k server as a ... > certificate authority so that I could run SSL for the ... > enable SSL is there a way to setup the SSL authentication ...
    (microsoft.public.exchange.setup)
Quantcast