CA configuration to publish certs in AD
- From: Patrik Nagel <patrik.nagelREMOVE@xxxxxxxxxx>
- Date: Mon, 02 Oct 2006 15:42:57 +0200
My Enterprise Root CA can't publish certificates to AD which are issued
for users in the child domain. I receive the following warning in the
event log:
Event Type: Warning
Event Source: CertSvc
Event Category: None
Event ID: 80
Date: 02.10.2006
Time: 13:18:16
User: N/A
Computer: RootDomainDC
Description:
Certificate Services could not publish a Certificate for request 66 to
the following location on server ChildDomainDC: ChildDomainUser.
Insufficient access rights to perform the operation. 0x80072098 (WIN32:
8344). ldap: 0x32: 00002098: SecErr: DSID-03150A45, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0
The Enterprise Root CA is located on the DC in the root domain. I found
the following KB Article:
"Certification Authority configuration to publish certificates in Active
Directory of trusted domain" [Q281271]
In step number five - Delegate Control - on the child domain controller,
they describe how to add the "Cert Publishers" group from the parent
domain. But I can't add (find) this group, because the scope is set to
"domain local"!? I changed the scope to "universal" by using "dsmod" and
completed steps number five and six as described. However, the warning
still appears!
I'm also confused about step number 3. I have only the Windows default
exit module with the property "allow certificates to be published to the
*file system*" and nothing like "...published in the *Active Directory*"
as described in the KB article.
Thanks in advance
Patrik