Posted by Steven L Umbach on September 8, 2006, 12:43 am
Make sure you are logged on as a member of the domain admins or enterprise
admins group if you are trying to manually request the certificate, and that
your CA is configured to issue the domain controller certificate. You can
open the mmc console for certificate authority and go to certificate
templates to make sure that you can see domain controller available and, if
not, right-click and select new/certificate template to issue. To manage
certificate templates, right-click while you have certificate templates
highlighted and select manage. Then you can examine the properties of
certificate templates, including permissions in the security tab.
Authenticated users should have read permission, domain controllers enroll,
enterprise domain controllers enroll, and domain and enterprise admins have
read/write/enroll.
Steve
> I'm running windows 2003 DC with CA and IAS
>
> I've got wireless Access Points that use the IAS for Authentication.
>
> The Domain Controller Certificate recently expired and I get the
> following errors
>
> I'm getting the following errors in the event log
>
> Event Type: Warning
> Event Source: CertSvc
> Event Category: None
> Event ID: 53
> Date: 07/09/2006
> Time: 16:18:04
> User: N/A
> Computer: CURRICULUM
> Description:
> Certificate Services denied request 315 because The permissions on this
> certification authority do not allow the current user to enroll for
> certificates. 0x80094011 (-2146877423). The request was for
> STHN\CURRICULUM$. Additional information: Denied by Policy Module
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> Event Type: Error
> Event Source: AutoEnrollment
> Event Category: None
> Event ID: 13
> Date: 07/09/2006
> Time: 16:15:10
> User: N/A
> Computer: CURRICULUM
> Description:
> Automatic certificate enrollment for local system failed to enroll for
> one Domain Controller certificate (0x80094011). The permissions on
> this certification authority do not allow the current user to enroll
> for certificates.
>
> When I tried to renew the expired certificate I encounter the following
> error
> "The Certificate authority denied the request. The permission on this
> certificate authority do not allow the current user to enrol for
> certificates"
>
> On the remote access policies in the IAS Server I checked the EAP
> authentication but was presented with the following error
> "A certificate could not be found that can be used with this EAP"
>
> Any ideas??
>
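
As an added example (not part of the original thread), the Python sketch below triages the two events quoted in the question: it pulls out the request number, the requesting principal and the HRESULT, checks that the signed decimal in the CertSvc event is the same 32-bit value as the hex code, and maps the code to its Windows symbolic name. The function name `triage` and the two-entry lookup table are assumptions of this example; the table descriptions are paraphrased, and 0x80094012 is included only to show the CA-level versus template-level distinction.

```python
import re

# Symbolic names from the Windows error definitions; descriptions paraphrased.
CERTSRV_ERRORS = {
    0x80094011: ("CERTSRV_E_ENROLL_DENIED", "CA permissions deny enrollment"),
    0x80094012: ("CERTSRV_E_TEMPLATE_DENIED", "template permissions deny enrollment"),
}
# Event text as quoted in the question above (header fields trimmed).
SAMPLE = """\
Event Source: CertSvc
Event ID: 53
Certificate Services denied request 315 because The permissions on this
certification authority do not allow the current user to enroll for
certificates. 0x80094011 (-2146877423). The request was for
STHN\\CURRICULUM$. Additional information: Denied by Policy Module

Event Source: AutoEnrollment
Event ID: 13
Automatic certificate enrollment for local system failed to enroll for
one Domain Controller certificate (0x80094011). The permissions on
this certification authority do not allow the current user to enroll
for certificates.
"""

def triage(text):
    """Return one dict per event block with the fields needed for triage."""
    findings = []
    for block in re.split(r"\n\s*\n", text.strip()):
        flat = " ".join(block.split())  # undo the event viewer's line wrapping
        src = re.search(r"Event Source: (\S+)", flat)
        eid = re.search(r"Event ID: (\d+)", flat)
        code = re.search(r"0x([0-9A-Fa-f]{8})", flat)
        if not (src and eid and code):
            continue  # not an event with an HRESULT, skip it
        hresult = int(code.group(1), 16)
        signed = re.search(r"\((-\d+)\)", flat)
        req = re.search(r"denied request (\d+)", flat)
        who = re.search(r"request was for (\S+?)\.(?:\s|$)", flat)
        name, meaning = CERTSRV_ERRORS.get(hresult, ("UNKNOWN", "not in table"))
        findings.append({
            "source": src.group(1), "event_id": int(eid.group(1)),
            "hresult": hresult, "name": name, "meaning": meaning,
            "request_id": int(req.group(1)) if req else None,
            "principal": who.group(1) if who else None,
            # Signed decimal and hex must be the same 32-bit value.
            "decimal_matches": ((int(signed.group(1)) & 0xFFFFFFFF) == hresult
                                if signed else None),
        })
    return findings
```

Calling `triage(SAMPLE)` returns two findings, both carrying the same HRESULT, with the request number and principal populated only for the CertSvc event.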