Re: CA web component problems

From: Eric Chamberlain (eric_james_chamberlain_at_hotmail.com)
Date: 05/10/03 

Date: Sat, 10 May 2003 01:20:15 GMT

Yes. I suspect something is not right with the delegation. On the CA, I am
only seeing a successful Anonymous Logon from the RA. Should the logon or
additional activity use the users credentials? I'm not seeing anything
being denied. Using netmon on the RA, I can see connection to the CA and
traffic comming back from the CA, before the RA returns the web page with
the error message.

"Vishal Agarwal" <vishala@microsoft.com> wrote in message
news:uz0w$mnFDHA.3272@tk2msftngp13.phx.gbl...
> Yes, the CA should have certsrv request entry. The launch permission
should
> allow "everyone". Is that the case?
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights
> "Eric Chamberlain" <eric_james_chamberlain@hotmail.com> wrote in message
> news:ulb7TAlFDHA.1548@TK2MSFTNGP12.phx.gbl...
> > The CA has a CertSrv Request entry, the RA does not, is that correct?
> What
> > permissions should users have?
> >
> > --
> > Eric Chamberlain, CISSP
> > Campus Active Directory Architect
> > Central Computing Services
> > University of California, Berkeley
> > http://calnetad.berkeley.edu
> >
> >
> > "Vishal Agarwal" <vishala@microsoft.com> wrote in message
> > news:OGPpW0kFDHA.3272@tk2msftngp13.phx.gbl...
> > > I'd look into the DCOM ACLs for dcomcnfg.exe under Console
> Root->Component
> > > Services->Computers->My Computer->CertSrv Request Then right-click and
> > > select Properties
> > >
> > >
> > > --
> > > This posting is provided "AS IS" with no warranties, and confers no
> rights
> > > "Eric Chamberlain" <eric_james_chamberlain@hotmail.com> wrote in
message
> > > news:LrHua.474$GA4.83272750@newssvr15.news.prodigy.com...
> > > >
> > > > "Vishal Agarwal" <vishala@microsoft.com> wrote in message
> > > > news:ed16AucFDHA.2068@TK2MSFTNGP10.phx.gbl...
> > > > > Could you please confirm that the Enterprise Admin account you are
> > using
> > > > is
> > > > > NOT marked as sensitive? (If it is marked then it won't be allowed
> to
> > > > > delegate).
> > > > > Is a normal user able to enroll via web pages?
> > > > >
> > > > > Thanks,
> > > > > Vishal [MSFT]
> > > >
> > > > The Enterprise Admin is not marked as sensitive. And a normal user
is
> > not
> > > > able to enroll via web pages. Both accounts get the same error
> message.
> > > > With the web components installed on the CA, both users are able to
> > > request
> > > > certificates.
> > > >
> > > >
> > >
> > >
> >
> >
>
>