Posted by Kristin Griffin on January 16, 2008, 11:09 pm
Hi Folks,
Thanks in advance for the help.
My setup is this:
· DC = LH_DC1, win2k8 server
· PKI server = LH_PKI1, win2k8 server
· Client = LH_CLI1, vista
I set up my test lab using the AD CS Step by Step Guide, and the OCSP
whitepaper. I am still having these issues:
1. I believe my OCSP implementation is working. I can auto enroll
users now, so that would be a good test, right? Also, I can download the
latest CRL, and the responder says that it is OK. Before I could not do any
of this. But I am still concerned by what I see when I open server manager.
Under Roles --> Enterprise PKI --> RootCA (v0.0) there is a red X. And in
the right-hand pane I see 4 certs with Xs, and errors. Two start with AIA,
and 2 start with OCSP. There are two more there named AIA Location #3 and
AIA Location #4 and they are fine. There are two named OCSP Location #1 and
#2 and they have errors. How can I fix this?
Are these locations still valid and should I care? Or is this from when I
was having issues with ocsp? I redid the AIA config (erased the old
http://LH_PKI1 and redid it. That seemed to help.) Am I still having issues
then? If so, how else can I test and resolve this?
I have rebooted the PKI server after I made that change too. Still no luck
in resolving this.
2. When I try to request a certificate from the website:
https://LH_PKI1.contoso.com/certsrv
I can download the latest CRL no problem. But when I go to request a
certificate, I cannot. I get the following error message:
No certificate templates can be found. You do not have permission to
request a certificate from this CA, or an error occurred while accessing the
Active Directory.
I am logged on as a user PKI_user3. I can go into the local certificate
store and request certificates that way.
The same thing is true if I log onto the vista PC with the domain admin
account.
Any more advice here?
I have already created a web server certificate for my website, and the
templates I have created work if I use the cert mmc snapin, and auto
enrolling users gets them certs, so now I am kind of stuck.
I would love to send anyone screen shots of what I see as my descriptions
are not as good as images. Please email if you would look at them:
kristin.l.griffin@gmail.com
Thanks very much!
Kristin