CA Server and CA Web Enrollment on two different Machines

From: David Moore (anonymous_at_discussions.microsoft.com)
Date: 01/11/04


Date: Sun, 11 Jan 2004 12:11:22 -0800

I'm trying to get Certificate Services running on our
network. I have a network that has four servers, and
around 30 XP clients. I would like to install the CA
services on one machine, and the Web Enrollment on a
different machine. The reason that I would like to do this
is that the Servers that are being used for this project
are not the most powerful machines on this plant, and I
don't really think that they could handle the enrollment
and the CA function on the same machine. I have decided to
go with the stand-alone structure, due to the fact that a
lot of Certificates will be issued outside of the
company. I have installed the Certificate Services on the
machine with the most power of the two, which happens to
be our domain controller running Active Directory. This
domain controller's only job before this project was
solely doing authentication within the Active Directory,
and DNS. The installation went very well on this server
with no problems at all.
I then moved on to installing the Web Enrollment services
on the other machine. This machine is our current Web
Server that is running IIS. I followed the documentation
in this process, which seemed to install exactly as the
documentation was written. After the install, I go to the
web pages to see if it works; it appears that most things
do but I have not actually tried to request a certificate.
The thing that I'm running into is that the "Download a CA
certificate, certificate chain, or CRL" link does not
work. When I click on this I get "An unexpected error has
occurred: The Certification Authority Service has not been
started".

Things I have tried:
1. Rebooting both servers.
2. Confirming the delegation in Active Directory for the
Web Server, which, from my understanding, is not
actually required in a Stand-Alone solution.
3. Installing IIS on the CA Server to see if the same
problem occurs there, which it does not. Works fine on the
CA Server directly.
4. Confirmed that the Web Server was ASP enabled, which I
knew it was due to the fact that we run a lot of ASP on
the server every day.
5. Made sure that the certsrv virtual directory had
execution enabled for scripts. It does.
6. Checked the event logs for errors, but there were no
errors.

I have missed something somewhere, but I have read the
documentation from Microsoft on doing this over and over.
I have searched the web for this problem in no telling how
many different ways. I know that other people are having
this problem because in searching the web for the file
certcarc.asp, which is the file the web browser is trying to
open when the error occurs, I find several different
servers that appear to have the same error message.
Someone out there has had to have had this error and
actually fixed it. Any help on getting this to work would
be highly appreciated.

David


