Certificates are not published
Carma Trepp
Guest
Posted: Mon Oct 17, 2005 4:51 pm    Post subject: Certificates are not published

Hi all

I would like to enforce the auto enrollment on user certificates. But my
certificates are not published in the AD even though the option "Publish
Certificate in Active Directory" is selected.

Thanks for any answers..

CA Server is Win2003

Brian Komar [MVP]
Guest
Posted: Mon Oct 17, 2005 4:51 pm    Post subject: Re: Certificates are not published

In article <MPG.1dbd7a4c5526065989ec9@msnews.microsoft.com>,
padare@newsguy.com says...
Quote:
In article <uzWXZ8x0FHA.2076@TK2MSFTNGP14.phx.gbl>, in the
microsoft.public.windows.server.security news group, Carma Trepp
<only_n_groups_account_but_works@yahoo.de> says...

Hi all

I would like to enforce the auto enrollment on user certificates. But my
certificates are not published in the AD even though the option "Publish
Certificate in Active Directory" is selected.


Check for errors in the event logs on the clients and the CA.


In addition, there are two other possibilities.

- See KB 281271 - Certification Authority configuration to publish
certificates in Active Directory of trusted domain

If the CA is in a different domain than the user's domain, it will not
have the necessary permissions to publish the certificate. The KB
article states what needs to be done.

Brian

Paul Adare
Guest
Posted: Mon Oct 17, 2005 4:51 pm    Post subject: Re: Certificates are not published

In article <uzWXZ8x0FHA.2076@TK2MSFTNGP14.phx.gbl>, in the
microsoft.public.windows.server.security news group, Carma Trepp
<only_n_groups_account_but_works@yahoo.de> says...

Quote:
Hi all

I would like to enforce the auto enrollment on user certificates. But my
certificates are not published in the AD even though the option "Publish
Certificate in Active Directory" is selected.


Check for errors in the event logs on the clients and the CA.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

Paul Adare
Guest
Posted: Tue Oct 18, 2005 8:51 am    Post subject: Re: Certificates are not published

In article <e$Syvc70FHA.2884@TK2MSFTNGP09.phx.gbl>, in the
microsoft.public.windows.server.security news group, Carma Trepp
<only_n_groups_account_but_works@yahoo.de> says...

Quote:
Brian Komar [MVP] wrote:

In addition, there are two other possibilities.
- See KB 281271 - Certification Authority configuration to publish
certificates in Active Directory of trusted domain

If the CA is in a different domain than the user's domain, it will not
have the necessary permissions to publish the certificate. The KB
article states what needs to be done.

Brian

No CA specific errors are in the eventlog.
We have only one domain, and the CA is on one of the two DCs. I really
think the CA has enough rights. The CA is also in the Cert Publishers
group.

You've checked both the client and CA event logs? Have you actually
configured the templates to publish in AD? What certificate templates
are you using? What OS (Standard, Enterprise, etc.) are you running on
the CA?

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

Carma Trepp
Guest
Posted: Tue Oct 18, 2005 8:51 am    Post subject: Re: Certificates are not published

Brian Komar [MVP] wrote:

Quote:
In addition, there are two other possibilities.
- See KB 281271 - Certification Authority configuration to publish
certificates in Active Directory of trusted domain

If the CA is in a different domain than the user's domain, it will not
have the necessary permissions to publish the certificate. The KB
article states what needs to be done.

Brian

No CA specific errors are in the eventlog.
We have only one domain, and the CA is on one of the two DCs. I really
think the CA has enough rights. The CA is also in the Cert Publishers
group.

Paul Adare
Guest
Posted: Tue Oct 18, 2005 12:50 pm    Post subject: Re: Certificates are not published

In article <uzJa#r90FHA.2812@TK2MSFTNGP10.phx.gbl>, in the
microsoft.public.windows.server.security news group, Carma Trepp
<only_n_groups_account_but_works@yahoo.de> says...

Quote:
Paul Adare wrote:
You've checked both the client and CA event logs? Have you actually
configured the templates to publish in AD? What certificate templates
are you using? What OS (Standard, Enterprise, etc.) are you running on
the CA?

The templates are configured to publish in the AD, but I can't see them
there. I have created the new certificate through a copy of the normal
user template. And then set the option "publish certificate in active
directory".
When I go to the CA MMC --> Certificate Templates --> Right-click --> New
--> Certificate Template to Issue, I don't see my created template.

So you mean you haven't even managed to issue any certificates yet?
Certificates are not published to the directory until they are issued.
We need to back up a bit here to figure out what is going on.
First of all, what OS is running on the CA? 2003 Standard, 2003
Enterprise?

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

Carma Trepp
Guest
Posted: Tue Oct 18, 2005 12:50 pm    Post subject: Re: Certificates are not published

Paul Adare wrote:
Quote:
You've checked both the client and CA event logs? Have you actually
configured the templates to publish in AD? What certificate templates
are you using? What OS (Standard, Enterprise, etc.) are you running on
the CA?

The templates are configured to publish in the AD, but I can't see them
there. I have created the new certificate through a copy of the normal
user template. And then set the option "publish certificate in active
directory".
When I go to the CA MMC --> Certificate Templates --> Right-click --> New
--> Certificate Template to Issue, I don't see my created template.

Thanks..

Paul Adare
Guest
Posted: Wed Oct 19, 2005 8:51 am    Post subject: Re: Certificates are not published

In article <eL13ZKH1FHA.2932@TK2MSFTNGP10.phx.gbl>, in the
microsoft.public.windows.server.security news group, Carma Trepp
<only_n_groups_account_but_works@yahoo.de> says...

Quote:
Paul Adare wrote:
So you mean you haven't even managed to issue any certificates yet?
Certificates are not published to the directory until they are issued.
We need to back up a bit here to figure out what is going on.
First of all, what OS is running on the CA? 2003 Standard, 2003
Enterprise?

The CA OS is Windows 2003 Standard. And yes, I haven't even managed
to issue any certificate templates.

You don't issue certificate templates, you issue certificates. A CA
running on Windows Server 2003 Standard Edition does not support the use
of templates. If you need to use templates then your CA needs to be
running on Windows Server 2003 Enterprise Edition.

For details:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

or

http://tinyurl.com/28cjx

Click the Windows Server 2003 PKI and Dependencies link.


--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
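
The checks discussed in this thread, gathered into one read-only script as an added example (not part of the original posts): it reads the template's schema version and publish flag from AD, lists the CAs that issue the template, and counts the certificates on a user object. The template name `ExampleUserCopy` and the account `exampleuser` are placeholders; the script assumes a domain-joined machine and PowerShell 5 or later.

```powershell
# Added example: read-only LDAP queries. Template and account names are placeholders.
param(
    [string]$TemplateName = 'ExampleUserCopy',  # hypothetical template CN
    [string]$UserSam      = 'exampleuser'       # hypothetical sAMAccountName
)
$CT_FLAG_PUBLISH_TO_DS = 0x8                    # bit in msPKI-Enrollment-Flag

$rootDse = [ADSI]'LDAP://RootDSE'
$pkiDn   = "CN=Public Key Services,CN=Services,$($rootDse.configurationNamingContext)"

function Search-Directory([string]$BaseDn, [string]$Filter, [string[]]$Props) {
    $searcher = [System.DirectoryServices.DirectorySearcher]::new(
        [ADSI]"LDAP://$BaseDn", $Filter, $Props)
    $searcher.FindAll()
}

# 1. The template object: schema version and the publish-to-AD flag.
$tpl = Search-Directory "CN=Certificate Templates,$pkiDn" `
    "(&(objectClass=pKICertificateTemplate)(cn=$TemplateName))" `
    @('mspki-template-schema-version', 'mspki-enrollment-flag') |
    Select-Object -First 1
$version = $null; $publish = $false
if ($tpl) {
    $version = $tpl.Properties['mspki-template-schema-version'] | Select-Object -First 1
    $flags   = $tpl.Properties['mspki-enrollment-flag'] | Select-Object -First 1
    $publish = [bool]([int]$flags -band $CT_FLAG_PUBLISH_TO_DS)
}

# 2. CAs whose certificateTemplates attribute lists the template,
#    i.e. the CAs that actually issue it.
$cas = @(Search-Directory "CN=Enrollment Services,$pkiDn" `
    "(&(objectClass=pKIEnrollmentService)(certificateTemplates=$TemplateName))" `
    @('cn') | ForEach-Object { $_.Properties['cn'][0] })

# 3. Certificates already published on the user object.
$user = Search-Directory "$($rootDse.defaultNamingContext)" `
    "(&(objectCategory=person)(sAMAccountName=$UserSam))" @('usercertificate') |
    Select-Object -First 1
$published = if ($user) { $user.Properties['usercertificate'].Count } else { 0 }

[pscustomobject]@{
    Template      = $TemplateName
    TemplateFound = [bool]$tpl
    SchemaVersion = $version
    PublishToAD   = $publish
    IssuedByCAs   = $cas -join ', '
    UserCertsInAD = $published
}
```

A result with `PublishToAD` true but an empty `IssuedByCAs` matches the situation in this thread: the template is configured to publish, but no CA issues it, so there is nothing to publish.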

Carma Trepp
Guest
Posted: Wed Oct 19, 2005 8:51 am    Post subject: Re: Certificates are not published

Paul Adare wrote:
Quote:
So you mean you haven't even managed to issue any certificates yet?
Certificates are not published to the directory until they are issued.
We need to back up a bit here to figure out what is going on.
First of all, what OS is running on the CA? 2003 Standard, 2003
Enterprise?

The CA OS is Windows 2003 Standard. And yes, I haven't even managed
to issue any certificate templates.

Carma Trepp
Guest
Posted: Thu Oct 27, 2005 12:50 pm    Post subject: Re: Certificates are not published

Paul Adare wrote:
Quote:

You don't issue certificate templates, you issue certificates. A CA
running on Windows Server 2003 Standard Edition does not support the use
of templates. If you need to use templates then your CA needs to be
running on Windows Server 2003 Enterprise Edition.


Hmm... really bad. Then I must distribute the certificates manually.

Thanks for all your answers!

Greetings
Carma