Re: IAS and RAS server certificate enrollment




Thanks Brian!!! My permissions and GPO were correct, but rsop.msc
revealed another GPO that was overriding the computer autoenrollment
setting. (As a side note, that particular GPO setting is irritating. On
2003, once you set it, there doesn't seem to be a way to revert it back
to "not configured." Looks like that issue is fixed in 2008 though, and
that's how I worked around it.)

Brian Komar \(MVP\);3757222 Wrote:
1. Did you enable autoenrollment GPO for computers. It is a different
GPO
setting than for users
2. What are the permissions on the computer certificate template. Did
you
give the child domain\Domain COmputers group Read, Enroll, and
Autoenroll
permissions.

Run rsop.msc on the computer to determine the effective GPO settings
Brian

"bdo" <bdo.39w1zd@xxxxxxxxxxxxx> wrote in message
news:bdo.39w1zd@xxxxxxxxxxxxxxxx

Ok, shameless bump... Any ideas out there? I tested today on a
laptop
with Vista and got the same results. The user cert autoenrolls
perfectly, but no computer cert, yet I can enroll it through the
mmc.
So I'm starting to think it's a bug in my AD somewhere.


--
bdo

------------------------------------------------------------------------
bdo's Profile: http://forums.techarena.in/member.php?userid=50025
View this thread: http://forums.techarena.in/showthread.php?t=972722

http://forums.techarena.in



--
bdo
------------------------------------------------------------------------
bdo's Profile: http://forums.techarena.in/member.php?userid=50025
View this thread: http://forums.techarena.in/showthread.php?t=969571

http://forums.techarena.in

.