Re: Unable to request Certificates through Certificate Services web interface

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 10/08/03 

Date: Wed, 8 Oct 2003 12:36:32 +1000

Hi Stephen,

Not sure about the MMC problems you are having, but for the error you are
seeing in your web-browser, can you try the following?

For the actual .ASP page in question, open it up with Notepad, comment out
the On Error Resume Next line by prepending a ' mark, eg:

' On Error Resume Next

then reload the page in your browser. If you are using IE, make sure you
turn off "Show Friendly HTTP Errors" in Tools -> Options -> Advanced. Then
you should see the real error.

That said, the most common "real" error is something like:

===
VBScript runtime error '800a000d'
Type mismatch: 'Session'

somepage.asp line XX
===

If this is the case, then you need to renable ASPSession state for the web
application in question. In the IIS MMC Snapin, goto the certsrv web app,
right-click -> properties -> home directory tab -> configuration button ->
App options tab -> Enable Session State (check this)

If you get some other error than the above, please post it here.

Cheers
Ken

"Stephen" <Stephen@4omnitech.com> wrote in message
news:uRaNyrTjDHA.1964@TK2MSFTNGP12.phx.gbl...
: Before I explain my problem, my setup is as follows...
: Server1: Windows Server 2003 Domain Controller, DNS
: Server2: Windows Server 2003 running Certificate Services and IIS (Member
of
: the domain)
: Computer1: Windows XP Pro (Not a member of the domain)
:
: I am unable to create Certificate requests using the CERTSRV website from
: any of the computers.
: I keep getting the following error... Failed to create
: 'CertificateAuthority.Request' Object
: I can create a request using the Certificates snapin from Server1 and
: Server2 but not Computer1. The error message says "The wizard cannot be
: started because... -There are no trusted CA's available or - You do not
have
: permission to request certificates from the available CA's or -The
available
: CAs issue certificates for which you do not have permissions."
:
: Server1 has an IPSec policy that...
: a. Requests all communication be secure (Authenticating with certificates)
: b. Permits unsecure communication to Server2
: c. Permits unsecure communication to external DNS servers
:
: Ultimately what I want to do is request a machine Certificate for
Computer1
: so that I can set up an IPSec policy allowing it to communicate with
Server1
: and then join the domain.
:
: Any suggestions would be greatly appreciated.

Loading