Hello,
We set up a machine to be the host of the CA. It is a member server on the
domain. We choose enterprise CA during the setup.
We don't see any AD requesting the cerfiticate at all. When does it ask for
the cert?
I also tried this:
1. Please check to ensure that a new security group, CERTSVC_DCOM_ACCESS,
has been created after Windows
Server 2003 SP1 or later has been applied.
2. Please add the "Domain Users", "Domain Computers", "Domain Controllers"
groups to the new
CERTSVC_DCOM_ACCESS security group at the AD.
3. Then we can have Certificate Services update the DCOM security settings
by running the following commands:
certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
net stop certsvc
net start certsvc.
1. In Certificate Template snap-in, right click the certificate template
“Domain Controller Authentication” and ensure that Domain Controllers and
ENTERPRISE DOMAIN CONTROLLERS groups has the Enroll and Autoenroll
permissions, Authenticated Users has Read permission.
2. Verify that Authenticated Users is member of the Certificate Service
DCOM Access group.
TIA,
tnt
|
Similar Threads
Linear Mode
