No Certificate Templates error

No Certificate Templates error

am 03.01.2007 01:11:01 von mtstream

I inherited the DCs but have not had any issues with Certificates until now.
Workstations are able to autoenroll fine and wireless security (also requires
workstation certificates) is working fine.

The SSL Certificate used for Exchange Web services (OWA ect. using IIS 6.0)
expired. When I go to http://certificateserver/certserv and attempt to
create a certificate I receive the following error:

"No certificate templates could be found. You do not have permission to
request a certificate from this CA, or an error occurred while accessing the
Active Directory."

I found KB 811418 (http://support.microsoft.com/kb/811418/en-us) and
followed the resolution - the certdat.inc file had an additional /name added
on the end, it now matches dNSHostName in AD exactly. But I still have the
same problem.

The only Event Log errors were related to ASP security on the DC - this has
also been corrected. There are no further errors in the logs.

I continue to receive the No Certificate Templates message when attempting
to create a certificate from any machine including directly from the DC.

Any ideas? NOTE - what you see here is pretty much the extent of my
knowledge on certificates.

RE: No Certificate Templates error

am 11.01.2007 21:58:00 von TrickerTreat

I was having this same problem. Like many I tried the fix that you are asking
about. Like many others, this fix did not work for me.

Here is what worked for me: Double check to make sure that the security on
the cert server web pages is not set for "anonymous access". Once I disabled
this and enabled "integrated windows authentication" it prompted me to logon.
I used the admin account and the templates were there. If you want to
continue using the anonymous account (probably not recommended) then you may
have to give the IUSR_ account rights to the certificate enrollment web site.
You may want to stop/start the web site and Cert server services before
trying again.

Good Luck

RE: No Certificate Templates error

am 11.01.2007 23:11:01 von mtstream

Thanks for responding!

I just tried this, but without success.

I worked arround the issue by selecting the option for an online CA and
pointing to my internal server. This generated and applied a certificate.
Problem with that was the warrning message in IE7 about being unable to
confirm the ID with a trusted authority is so strong users started calling to
find out what to do (the error only shows up on non-domain computers). I
decided it was too much effort to try and educate everyone to install the
cert or ignor the warning when they connect to OWA - so I bought one - all
problems solved.

"TrickerTreat" wrote:

> I was having this same problem. Like many I tried the fix that you are asking
> about. Like many others, this fix did not work for me.
>
> Here is what worked for me: Double check to make sure that the security on
> the cert server web pages is not set for "anonymous access". Once I disabled
> this and enabled "integrated windows authentication" it prompted me to logon.
> I used the admin account and the templates were there. If you want to
> continue using the anonymous account (probably not recommended) then you may
> have to give the IUSR_ account rights to the certificate enrollment web site.
> You may want to stop/start the web site and Cert server services before
> trying again.
>
> Good Luck