Re: Renew Sub CA error

From: Vishal Agarwal[MSFT] (vishala_at_online.microsoft.com)
Date: 05/09/04

• Next message: Tom: "Re: Renew Sub CA error"
• Previous message: Aafaq: "Monitoring/Audit of privileged accounts"
• In reply to: Tom: "Renew Sub CA error"
• Next in thread: Tom: "Re: Renew Sub CA error"
• Reply: Tom: "Re: Renew Sub CA error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 8 May 2004 23:01:22 -0700

Are the failing renewals happening on the renewing CA, or when you submit
the new certificate request to the parent CA?

Is the subordinate CA running Windows 2000 or Windows 2003?

Is the parent CA running Windows 2000 or Windows 2003?

How are you submitting the request -- or did you not get that far?

To install or renew an Enterprise CA, the user must be a local administrator
for the machine, and must also be an Enterprise and Domain Administrator.

The local machine is used to store the new certificate and private key, and
the certificate is also written to some DS objects under the Configuration
container in the root domain of the CA's forest.

If you are running as all three types of administrators, and you are still
seeing this error, please provide the log file from %windir%\certocm.log.

Thanks,

Vishal Agarwal [MSFT]

-- 
This posting is provided "AS IS" with no warranties, and confers no rights
"Tom" <anonymous@discussions.microsoft.com> wrote in message
news:A8B83407-9078-4098-B744-A29D4204AAED@microsoft.com...
> Hello!
>
> We use an Offline Root CA and several Enterprise Sub CA. Now we need to
renew the Sub CA certificates. But If an administrator tries to renew the
certficate via the msc he receives an error. I try to translate it from
german to english: You have not the right to request such a certficate.
>
> Does anyone solved this problem?
>
> Tom Noack
> Berlin, Germany

• Next message: Tom: "Re: Renew Sub CA error"
• Previous message: Aafaq: "Monitoring/Audit of privileged accounts"
• In reply to: Tom: "Renew Sub CA error"
• Next in thread: Tom: "Re: Renew Sub CA error"
• Reply: Tom: "Re: Renew Sub CA error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Renew Sub CA error ... You do not have permission to request a certificate based on the selected certificate template. ... Is the subordinate CA running Windows 2000 or Windows 2003? ... To install or renew an Enterprise CA, the user must be a local administrator ... (microsoft.public.win2000.security) Requesting a certificate for another user ... I've installed a Windows 2003 CA in Enterprise Mode. ... an administrator to request a certificate on behalf of another user? ... I don't want to burden a user with certificate request. ... (microsoft.public.win2000.security) Certificate Request Notification ... I have not been able to figure out a way to notify a certificate ... administrator when a new certificate is requested via Microsoft ... want to have to constantly check the request list considering there ... (microsoft.public.inetserver.iis.security) Certificate Request Notification ... I have not been able to figure out a way to notify a certificate ... administrator when a new certificate is requested via Microsoft ... want to have to constantly check the request list considering there ... (microsoft.public.win2000.security) Re: Computer and User Certificates Issues ... Enrollment of User Certificates using the custom v2 User Certificate Template ... I can NOT request the custom v2 Computer Cert nor the included v1 no ... Concerning permissions, these are the exact permissions I am using now: ... (microsoft.public.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint