Re: Enterprise CA access
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/10/04
- Next message: Steven L Umbach: "Re: screensaver is disabled by a command or exe"
- Previous message: Anselmo Q: "Re: Permissions on "Open Files""
- In reply to: Marko Loukkaanhuhta: "Re: Enterprise CA access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 09 Oct 2004 23:24:40 GMT
Interesting that it only happens to W2003 Servers. I tested on my Windows
2000 native domain and was able to request and receive certificates for my
Windows 2003 Server domain member via the mmc certificates snapin. From your
Windows 2003 Server are you able to access a share on the Certificate
Server? There may be a problem with incompatible security options for the
Windows 2003 Servers. It might be worth a try to go into the Local Security
Policy on the Windows 2003 Server and under security settings/local
policies/security options, set the option for Microsoft network
client:digitally sign communications(always) to disabled. Are there any
failed requests recorded in the CA Management Console? If there are they may
have a reason that may help. --- Steve
"Marko Loukkaanhuhta" <marko@ zzr1100.cc> wrote in message
news:%23$1Z50hrEHA.2900@TK2MSFTNGP12.phx.gbl...
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> kirjoitti
> viestissä:r2S9d.96520$He1.5920@attbi_s01...
>> For the Certificate Authority verify that it's computer account is
>> trusted for delegation in it's computer properties in AD Users and
>> Computers and look in Event Viewer to see if there any helpful info on
>> what the problem might be.
>
> No related events.
>
> Also verify that it is a member of the Cert Publishers group.
>
> It is.
>
> Then
>> I would check that you have connectivity to it by trying to access a
>> share on it and also run netdiag on both the CA and the computer you are
>> trying to request the CA from looking for any pertinent failed
>> tests/errors/warnings particularly relating to dns, dclist, kerberos, or
>> secure channel. Netdiag is one of the support tools that is available on
>> the install disk in he support/tools folder where you need to run the
>> setup to install them. Does just this one particular computer have a
>> problem requesting a certificate via mmc certificate snapin or do all the
>> domain computers?
>
> Funny, I forgot to tell that there is no problem with w2000 servers. Just
> every computer that runs windows server 2003 has the same problem. Windows
> 2000 servers does not have this issue. So, domain is 2000 native, and ras
> server is w2k3.
>
> Can the CA
>> request a certificate for itself via the mmc certificate snapin?
>
> Yes.
>
> --
> Marko
>
>
- Next message: Steven L Umbach: "Re: screensaver is disabled by a command or exe"
- Previous message: Anselmo Q: "Re: Permissions on "Open Files""
- In reply to: Marko Loukkaanhuhta: "Re: Enterprise CA access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
