Click here to get back home

Windows Server 2003 Ent. Certificate Services Webenroll
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Windows Server 2003 Ent. Certificate Services Webenroll Kristoffer Nørkjær Randløv Jep 10-18-2005
Posted by Kristoffer Nørkjær Randløv Jep on October 18, 2005, 12:48 pm
Please log in for more thread options
 I have a Certificate Authority set up in a domain. (Enterprise Edition). In
my DMZ i have a CAproxy (webenrollment) set up. when i log in to the caproxy
with remote desktop and do a http://caproxy/certsrv web enrollmant i am able
to get a certificate. when i try to enroll from the same proxy, but from
another computer i get the following error :
Error


Your request failed. An error occurred while the server was processing your
request.

Contact your administrator for further assistance.

Request Mode:


newreq - New Request
Disposition:
(never set)
Disposition message:
(none)
Result:
Access is denied. 0x80070005 (WIN32: 5)
COM Error Info:
CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)
LastStatus:
Access is denied. 0x80070005 (WIN32: 5)
Suggested Cause:
The Certification Authority Service has not been started.

This is driving me absolutely nuts.
i get nothing in the eventlog.

is there any way i can turn on advanced debugging?




Posted by Kristoffer Nørkjær Randløv Jep on October 18, 2005, 2:15 pm
Please log in for more thread options
 OK, I have done some more testing and, it seams like when ever i use a
machine in the same domain as the CA servers i am able to get certificates.
however using a machine not in the same domain or in no domain i get the
stated error.

How can i work around this.?


>I have a Certificate Authority set up in a domain. (Enterprise Edition). In
>my DMZ i have a CAproxy (webenrollment) set up. when i log in to the
>caproxy with remote desktop and do a http://caproxy/certsrv web enrollmant
>i am able to get a certificate. when i try to enroll from the same proxy,
>but from another computer i get the following error :
> Error
>
>
> Your request failed. An error occurred while the server was processing
> your request.
>
> Contact your administrator for further assistance.
>
> Request Mode:
>
>
> newreq - New Request
> Disposition:
> (never set)
> Disposition message:
> (none)
> Result:
> Access is denied. 0x80070005 (WIN32: 5)
> COM Error Info:
> CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)
> LastStatus:
> Access is denied. 0x80070005 (WIN32: 5)
> Suggested Cause:
> The Certification Authority Service has not been started.
>
> This is driving me absolutely nuts.
> i get nothing in the eventlog.
>
> is there any way i can turn on advanced debugging?
>




Posted by Kristoffer Nørkjær Randløv Jep on October 19, 2005, 10:41 am
Please log in for more thread options
Is there no one who has somethng i can try?

> OK, I have done some more testing and, it seams like when ever i use a
> machine in the same domain as the CA servers i am able to get
> certificates. however using a machine not in the same domain or in no
> domain i get the stated error.
>
> How can i work around this.?
>
>
>>I have a Certificate Authority set up in a domain. (Enterprise Edition).
>>In my DMZ i have a CAproxy (webenrollment) set up. when i log in to the
>>caproxy with remote desktop and do a http://caproxy/certsrv web enrollmant
>>i am able to get a certificate. when i try to enroll from the same proxy,
>>but from another computer i get the following error :
>> Error
>>
>>
>> Your request failed. An error occurred while the server was processing
>> your request.
>>
>> Contact your administrator for further assistance.
>>
>> Request Mode:
>>
>>
>> newreq - New Request
>> Disposition:
>> (never set)
>> Disposition message:
>> (none)
>> Result:
>> Access is denied. 0x80070005 (WIN32: 5)
>> COM Error Info:
>> CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)
>> LastStatus:
>> Access is denied. 0x80070005 (WIN32: 5)
>> Suggested Cause:
>> The Certification Authority Service has not been started.
>>
>> This is driving me absolutely nuts.
>> i get nothing in the eventlog.
>>
>> is there any way i can turn on advanced debugging?
>>
>
>




Posted by Paul Adare on October 19, 2005, 5:07 am
Please log in for more thread options
microsoft.public.windows.server.security news group, Kristoffer Nørkjær

> Is there no one who has somethng i can try?

Any errors in the event log on the CA itself?

You may need to open a support incident with Microsoft's support
services to get this resolved.

>
> > OK, I have done some more testing and, it seams like when ever i use a
> > machine in the same domain as the CA servers i am able to get
> > certificates. however using a machine not in the same domain or in no
> > domain i get the stated error.
> >
> > How can i work around this.?
> >
> >
> >>I have a Certificate Authority set up in a domain. (Enterprise Edition).
> >>In my DMZ i have a CAproxy (webenrollment) set up. when i log in to the
> >>caproxy with remote desktop and do a http://caproxy/certsrv web enrollmant
> >>i am able to get a certificate. when i try to enroll from the same proxy,
> >>but from another computer i get the following error :
> >> Error
> >>
> >>
> >> Your request failed. An error occurred while the server was processing
> >> your request.
> >>
> >> Contact your administrator for further assistance.
> >>
> >> Request Mode:
> >>
> >>
> >> newreq - New Request
> >> Disposition:
> >> (never set)
> >> Disposition message:
> >> (none)
> >> Result:
> >> Access is denied. 0x80070005 (WIN32: 5)
> >> COM Error Info:
> >> CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)
> >> LastStatus:
> >> Access is denied. 0x80070005 (WIN32: 5)
> >> Suggested Cause:
> >> The Certification Authority Service has not been started.
> >>
> >> This is driving me absolutely nuts.
> >> i get nothing in the eventlog.
> >>
> >> is there any way i can turn on advanced debugging?
> >>
> >
> >
>
>
>

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea


Posted by Kristoffer Nørkjær Randløv Jep on October 19, 2005, 11:12 am
Please log in for more thread options
Yeah, Nothing in the CA or CAproxy eventlog only the error on the enrollment
pages.

Im currently setting up a virtual test environment to test if i can get it
up on clean installations.



> microsoft.public.windows.server.security news group, Kristoffer Nørkjær
>
>> Is there no one who has somethng i can try?
>
> Any errors in the event log on the CA itself?
>
> You may need to open a support incident with Microsoft's support
> services to get this resolved.
>
>>
>> en
>> > OK, I have done some more testing and, it seams like when ever i use a
>> > machine in the same domain as the CA servers i am able to get
>> > certificates. however using a machine not in the same domain or in no
>> > domain i get the stated error.
>> >
>> > How can i work around this.?
>> >
>> >
>> > en
>> >>I have a Certificate Authority set up in a domain. (Enterprise
>> >>Edition).
>> >>In my DMZ i have a CAproxy (webenrollment) set up. when i log in to the
>> >>caproxy with remote desktop and do a http://caproxy/certsrv web
>> >>enrollmant
>> >>i am able to get a certificate. when i try to enroll from the same
>> >>proxy,
>> >>but from another computer i get the following error :
>> >> Error
>> >>
>> >>
>> >> Your request failed. An error occurred while the server was processing
>> >> your request.
>> >>
>> >> Contact your administrator for further assistance.
>> >>
>> >> Request Mode:
>> >>
>> >>
>> >> newreq - New Request
>> >> Disposition:
>> >> (never set)
>> >> Disposition message:
>> >> (none)
>> >> Result:
>> >> Access is denied. 0x80070005 (WIN32: 5)
>> >> COM Error Info:
>> >> CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)
>> >> LastStatus:
>> >> Access is denied. 0x80070005 (WIN32: 5)
>> >> Suggested Cause:
>> >> The Certification Authority Service has not been started.
>> >>
>> >> This is driving me absolutely nuts.
>> >> i get nothing in the eventlog.
>> >>
>> >> is there any way i can turn on advanced debugging?
>> >>
>> >
>> >
>>
>>
>>
>
> --
> Paul Adare
> MVP - Windows - Virtual Machine
> http://www.identit.ca/blogs/paul/
> "The English language, complete with irony, satire, and sarcasm, has
> survived for centuries without smileys. Only the new crop of modern
> computer geeks finds it impossible to detect a joke that is not clearly
> labeled as such."
> Ray Shea




Similar ThreadsPosted
Windows Server 2003 - Services Permissions Issue August 29, 2005, 1:28 pm
Certificate enroll with Windows Server 2003? December 12, 2005, 9:46 pm
Certificate enroll with Windows Server 2003? December 12, 2005, 10:36 pm
Request certificate to a CA in Windows server 2003 January 26, 2007, 12:44 pm
Certificate with PKCS#12 with Windows 2003 Server CA January 30, 2007, 8:19 pm
Use Windows 2003 CA to create a web server certificate with alternative DNS names June 2, 2007, 1:02 pm
"Official" errata on Brian Komar's Windows Server 2003 PKI & Certificate Security book July 7, 2006, 10:35 pm
Certificate Services: Windows 2000 March 21, 2007, 12:52 pm
Certificate Services: Windows 2000 March 21, 2007, 12:37 pm
Certificate Services: Windows 2000 March 21, 2007, 12:23 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap