Re: Autoenrollment
From: Thomas Liss (liss_at_ipcgmbh.com)
Date: 03/18/04
- Next message: Keith W. McCammon: "Re: How to close ports and which ones"
- Previous message: Richard: "How to close ports and which ones"
- In reply to: David Cross [MS]: "Re: Autoenrollment"
- Next in thread: David Cross [MS]: "Re: Autoenrollment"
- Reply: David Cross [MS]: "Re: Autoenrollment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 18 Mar 2004 16:24:35 +0100
Thanks for your answer.
CA has Authenticated users-request Certificates, and my template has
Authenticated users-read, enroll and autoenroll. Autoenrollment works fine
if someone logs on directly to the CA, but not on the client. I have read
the autoenrollment document and tried to follow that step by step. I might
have missed something, just don't know what. Checked connectivity to the
domain (DC) again, works just fine.
Thomas
"David Cross [MS]" <dcross@online.microsoft.com> wrote in message
news:e20nR3ODEHA.1236@TK2MSFTNGP11.phx.gbl...
> Next step, check the permissions on the CA security tab and the permissions
> on the templates to ensure the user has read and enroll and auto-enroll
> permissions.
>
> auto-enroll
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/plan/autoenro.asp
>
> Cert templates -
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/deploy/confeat/ws03crtm.asp
>
>
> --
>
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> http://support.microsoft.com
>
> "Thomas Liss" <liss@ipcgmbh.com> wrote in message
> news:eLh1BfLDEHA.3748@TK2MSFTNGP11.phx.gbl...
> > Yup, the error below is from Applog. When trying to manually enroll, the
> > user gets
> >
> > "The wizard cannot be started because:
> > - There are no trusted CAs available
> > - You don't have permission to request certs from the available CAs
> > - The available CAs issue certs for which you don't have permissions"
> >
> > I don't see any connectivity problems, GP gets applied, domain users can
> > log on to the client, I can reach sysvol from the client.
> >
> > Thanks,
> >
> > Thomas
> >
> >
> >
> >
> > "David Cross [MS]" <dcross@online.microsoft.com> wrote in message
> > news:evN#fRCDEHA.3608@TK2MSFTNGP10.phx.gbl...
> > > What is the error for manual enrollment? This error implies network
> > > connectivity problems to the domain...
> > >
> > > --
> > >
> > >
> > > David B. Cross [MS]
> > >
> > > --
> > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > >
> > > http://support.microsoft.com
> > >
> > > "Thomas Liss" <liss@ipcgmbh.com> wrote in message
> > > news:O3EOF0%23CEHA.3804@TK2MSFTNGP09.phx.gbl...
> > > > Thanks for your answer.
> > > >
> > > > No, manually enrolling doesn't work either.
> > > >
> > > > Applog shows an error:
> > > >
> > > > "Automatic certificate enrollment for local system failed to download certs
> > > > for NTAuth store from CN=Configuration,DC=Thomas,DC=com ldap://%s/CN=Public
> > > > Key Services,CN=Services,%s?cACertificate?one?cn=NTAuthCertificates
> > > > (0x8007041d). The service did not respond in a timely fashion."
> > > >
> > > > (I called my domain Thomas.com)
> > > >
> > > > It is a clean installation with nothing else on it.
> > > >
> > > >
> > >
> > >
> >
> >
>
>
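
The two checks discussed in this thread (whether the client can read the NTAuthCertificates object named in the event-log error, and which principals hold Read, Enroll and Autoenroll on the template) can be scripted from the failing client. This is an added example, not part of the original posts; the template name `ExampleTemplate` is a placeholder, and the script assumes a domain-joined machine with PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. Run on the client as the account that fails to enroll.
# 'ExampleTemplate' is a placeholder: pass the template's cn (short name), not its display name.
param([string]$TemplateName = 'ExampleTemplate')

# Control access right GUIDs that Active Directory uses on certificate template objects
$Enroll     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'   # Certificate-Enrollment
$AutoEnroll = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'   # Certificate-AutoEnrollment
$ADR        = [System.DirectoryServices.ActiveDirectoryRights]

$configNC = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# 1. Can this client read the NTAuth object that the autoenrollment error refers to?
$ntAuth = [ADSI]"LDAP://CN=NTAuthCertificates,$pkiBase"
'NTAuth cACertificate values readable: {0}' -f $ntAuth.psbase.Properties['cACertificate'].Count

# 2. Which principals are allowed Read, Enroll and Autoenroll on the template?
$template = [ADSI]"LDAP://CN=$TemplateName,CN=Certificate Templates,$pkiBase"
$allow = $template.psbase.ObjectSecurity.GetAccessRules(
             $true, $true, [System.Security.Principal.SecurityIdentifier]) |
         Where-Object { $_.AccessControlType -eq 'Allow' }

function Test-ExtendedRight($rules, [guid]$right) {
    # An empty ObjectType GUID on an ExtendedRight ACE grants all extended rights
    [bool]($rules | Where-Object {
        (([int]$_.ActiveDirectoryRights -band [int]$ADR::ExtendedRight) -ne 0) -and
        ($_.ObjectType -eq $right -or $_.ObjectType -eq [guid]::Empty)
    })
}

$read = [int]$ADR::GenericRead
$allow | Group-Object { $_.IdentityReference.Value } | ForEach-Object {
    $g = $_
    $name = $g.Name                       # fall back to the raw SID if it cannot be resolved
    try {
        $sid  = [System.Security.Principal.SecurityIdentifier]$g.Name
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { }
    [pscustomobject]@{
        Principal  = $name
        # Read is reported only when a single ACE carries the full GenericRead mask
        Read       = [bool]($g.Group | Where-Object {
                         ([int]$_.ActiveDirectoryRights -band $read) -eq $read })
        Enroll     = Test-ExtendedRight $g.Group $Enroll
        AutoEnroll = Test-ExtendedRight $g.Group $AutoEnroll
    }
} | Format-Table -AutoSize
```

The output lists ACEs per principal only; whether the failing user or computer account is a member of a listed group still has to be checked separately.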