Web Enrollment Certificate Request Denied

From: Max (maxroberts1_at_yahoo.com)
Date: 07/05/04 

Date: 4 Jul 2004 20:59:23 -0700

I'm getting the following error when requesting a V1 EFS certificate
using web enrollment over our Windows 2000 IIS web enrollement server
(requesting the cert from a Windows 2003 Issuing CA):

"Certificate Request Denied

Your certificate request was denied.

Your Request Id is 5. The disposition message is "Denied by Policy
Module 0x80094800, The request was for a certificate template that is
not supported by the Certificate Services policy: EFS;;;;;;;;;;;;Basic
EFS. ".

Contact your administrator for further information."

When I request an EFS certificate using the MMC I have had no problem
at all and have done this from multiple workstations and servers. But
everytime I try the request through the web enrollment, I get this
error. This happens even though my account has full control access
(including enroll) to the EFS Certificate Template.

We are not using constrained delegation, and both the Windows 2000 web
enrollment server and the Windows 2003 Issuing CA are trusted for
delegation. We are using Windows Integrated authentication on the web
server.
We are using the Windows Default policy module currently on the
Windows 2003 Issuing CA.

I have searched through the new "Configuring and Troubleshooting
Windows 2000 and Windows Server 2003 Certificate Services Web
Enrollment" and haven't found anything that relates to this error.

Any help would be much appreciated.

Thanks!

Relevant Pages

  • Re: Web Certificate Enrollment security problem
    ... CERTSVC_DCOM_ACCESS security group of the server with the CA (have added ... The only thing that doesn't work is Web enrollment. ... access auditing and logging "issue and manage certificate requests" on the ... Have seen that there is a component "Certsrv Request" when launching ...
    (microsoft.public.security)
  • Re: Cannot request computer certificate.
    ... you are using Windows 2003 see if there is any info in failed requests. ... I would run the support tool netdiag on your domain controller [at least ... I need to request a computer certificate for VPN server. ...
    (microsoft.public.windows.server.security)
  • Re: RPC Server Unavailable When Requesting Computer Certificate
    ... Brian explained what the solution was for Windows 2003 CA though that does ... certificate via Web Enrollment to request an offline ipsec certificate for ... his computer via an advanced certificate request and being sure to select ... >I don't believe there is any documentation but I have tried it in the past ...
    (microsoft.public.windows.server.security)
  • Re: Auto certificate and key generation to pfx
    ... Best Practices for implementing Windows Server 2003 PKI: ... Troubleshooting Certificate Status and Revocation whitepaper: ... Regarding the certificate request: ...
    (microsoft.public.platformsdk.security)
  • Re: RPC Server Unavailable When Requesting Computer Certificate
    ... Brian explained what the solution was for Windows 2003 CA though that does ... certificate via Web Enrollment to request an offline ipsec certificate for ... his computer via an advanced certificate request and being sure to select ... >I don't believe there is any documentation but I have tried it in the past ...
    (microsoft.public.security)