Certificate request failed

Discussion in 'Wireless Networking' started by =?Utf-8?B?SXZv?=, Feb 10, 2005.

  1. I keep getting the messag: The certificate request failed because one of the
    following conditions:
    - The certificate request was submitted to a Certification Authority (CA)
    that is not started. (OR)
    - You do not have the permissions to request certificates from the available
    CAs.

    I'm having this problem on my notebook (using my account and also as
    administrator), the SBS2003 is the CA. When I do this on another (desktop) PC
    with the same credentials it works OK.

    Any ideas on how to solve this problem? My notebook has been used outside
    and has swapped domains, it is now back in my domain but it is still looking
    for CAs in the other domain? Don't know if this matters, really? In fact I
    have no clue about what's going on here.

    Suggestions on this matter are highly appreciated...
    Ivo
     
    =?Utf-8?B?SXZv?=, Feb 10, 2005
    #1
    1. Advertising

  2. =?Utf-8?B?SXZv?=

    Mark Gamache Guest

    Is this a manual request or auto-enrolment?

    --
    Mark Gamache
    Certified Security Solutions
    http://www.css-security.com



    "Ivo" <> wrote in message
    news:...
    >I keep getting the messag: The certificate request failed because one of
    >the
    > following conditions:
    > - The certificate request was submitted to a Certification Authority (CA)
    > that is not started. (OR)
    > - You do not have the permissions to request certificates from the
    > available
    > CAs.
    >
    > I'm having this problem on my notebook (using my account and also as
    > administrator), the SBS2003 is the CA. When I do this on another (desktop)
    > PC
    > with the same credentials it works OK.
    >
    > Any ideas on how to solve this problem? My notebook has been used outside
    > and has swapped domains, it is now back in my domain but it is still
    > looking
    > for CAs in the other domain? Don't know if this matters, really? In fact I
    > have no clue about what's going on here.
    >
    > Suggestions on this matter are highly appreciated...
    > Ivo
     
    Mark Gamache, Feb 11, 2005
    #2
    1. Advertising

  3. A manual request.
    Tried to obtain it with a web interface too (something like
    \\server\certsrv) but there was a similar error.

    "Mark Gamache" wrote:

    > Is this a manual request or auto-enrolment?
    >
    > --
    > Mark Gamache
    > Certified Security Solutions
    > http://www.css-security.com
    >
    >
    >
    > "Ivo" <> wrote in message
    > news:...
    > >I keep getting the messag: The certificate request failed because one of
    > >the
    > > following conditions:
    > > - The certificate request was submitted to a Certification Authority (CA)
    > > that is not started. (OR)
    > > - You do not have the permissions to request certificates from the
    > > available
    > > CAs.
    > >
    > > I'm having this problem on my notebook (using my account and also as
    > > administrator), the SBS2003 is the CA. When I do this on another (desktop)
    > > PC
    > > with the same credentials it works OK.
    > >
    > > Any ideas on how to solve this problem? My notebook has been used outside
    > > and has swapped domains, it is now back in my domain but it is still
    > > looking
    > > for CAs in the other domain? Don't know if this matters, really? In fact I
    > > have no clue about what's going on here.
    > >
    > > Suggestions on this matter are highly appreciated...
    > > Ivo

    >
    >
    >
     
    =?Utf-8?B?SXZv?=, Feb 11, 2005
    #3
  4. I'm still strugling with this problem...
    It's linked to my notebook, a PC in the same network can request the
    certificates (machine and user) all right. When I bring my notebook to
    another domain, I have the same error message.
    Contrary to what I stated earlier, I can install the certificate from the
    web interface (//servername/certsrv) but this allows me to install the user
    certificates only, I don't see how I can select the machine certificate using
    the web interface.
    So "the CA is definitely started" and I'm logged on as domain (and therefore
    local machine) admin so it cannot be that I do not have the necessary rights.

    So what's wrong with my notebook reaction to certificates.
    It's running XP SP2 and the domain server is SBS2K3 on my home system and
    SBS2K where I ran the tests this afternoon.

    Any suggestions are very much welcome!
    Ivo
    "Ivo" wrote:

    > A manual request.
    > Tried to obtain it with a web interface too (something like
    > \\server\certsrv) but there was a similar error.
    >
    > "Mark Gamache" wrote:
    >
    > > Is this a manual request or auto-enrolment?
    > >
    > > --
    > > Mark Gamache
    > > Certified Security Solutions
    > > http://www.css-security.com
    > >
    > >
    > >
    > > "Ivo" <> wrote in message
    > > news:...
    > > >I keep getting the messag: The certificate request failed because one of
    > > >the
    > > > following conditions:
    > > > - The certificate request was submitted to a Certification Authority (CA)
    > > > that is not started. (OR)
    > > > - You do not have the permissions to request certificates from the
    > > > available
    > > > CAs.
    > > >
    > > > I'm having this problem on my notebook (using my account and also as
    > > > administrator), the SBS2003 is the CA. When I do this on another (desktop)
    > > > PC
    > > > with the same credentials it works OK.
    > > >
    > > > Any ideas on how to solve this problem? My notebook has been used outside
    > > > and has swapped domains, it is now back in my domain but it is still
    > > > looking
    > > > for CAs in the other domain? Don't know if this matters, really? In fact I
    > > > have no clue about what's going on here.
    > > >
    > > > Suggestions on this matter are highly appreciated...
    > > > Ivo

    > >
    > >
    > >
     
    =?Utf-8?B?SXZv?=, Feb 21, 2005
    #4
  5. =?Utf-8?B?SXZv?=

    Mark Gamache Guest

    have you tried to get the machine cert via the MMC? I'm pretty sure you
    can't get it through the web interface.

    Cheers,

    --
    Mark Gamache
    Certified Security Solutions
    http://www.css-security.com



    "Ivo" <> wrote in message
    news:D...
    > I'm still strugling with this problem...
    > It's linked to my notebook, a PC in the same network can request the
    > certificates (machine and user) all right. When I bring my notebook to
    > another domain, I have the same error message.
    > Contrary to what I stated earlier, I can install the certificate from the
    > web interface (//servername/certsrv) but this allows me to install the
    > user
    > certificates only, I don't see how I can select the machine certificate
    > using
    > the web interface.
    > So "the CA is definitely started" and I'm logged on as domain (and
    > therefore
    > local machine) admin so it cannot be that I do not have the necessary
    > rights.
    >
    > So what's wrong with my notebook reaction to certificates.
    > It's running XP SP2 and the domain server is SBS2K3 on my home system and
    > SBS2K where I ran the tests this afternoon.
    >
    > Any suggestions are very much welcome!
    > Ivo
    > "Ivo" wrote:
    >
    >> A manual request.
    >> Tried to obtain it with a web interface too (something like
    >> \\server\certsrv) but there was a similar error.
    >>
    >> "Mark Gamache" wrote:
    >>
    >> > Is this a manual request or auto-enrolment?
    >> >
    >> > --
    >> > Mark Gamache
    >> > Certified Security Solutions
    >> > http://www.css-security.com
    >> >
    >> >
    >> >
    >> > "Ivo" <> wrote in message
    >> > news:...
    >> > >I keep getting the messag: The certificate request failed because one
    >> > >of
    >> > >the
    >> > > following conditions:
    >> > > - The certificate request was submitted to a Certification Authority
    >> > > (CA)
    >> > > that is not started. (OR)
    >> > > - You do not have the permissions to request certificates from the
    >> > > available
    >> > > CAs.
    >> > >
    >> > > I'm having this problem on my notebook (using my account and also as
    >> > > administrator), the SBS2003 is the CA. When I do this on another
    >> > > (desktop)
    >> > > PC
    >> > > with the same credentials it works OK.
    >> > >
    >> > > Any ideas on how to solve this problem? My notebook has been used
    >> > > outside
    >> > > and has swapped domains, it is now back in my domain but it is still
    >> > > looking
    >> > > for CAs in the other domain? Don't know if this matters, really? In
    >> > > fact I
    >> > > have no clue about what's going on here.
    >> > >
    >> > > Suggestions on this matter are highly appreciated...
    >> > > Ivo
    >> >
    >> >
    >> >
     
    Mark Gamache, Feb 21, 2005
    #5
  6. yes I tried (am trying, will continue to try) to get the machine cert via the
    MMC.
    I could not find a way to obtain it through the web interface and I
    understand from your answer that it is indeed not possible.
    So my problem is with manual cert request via the MMC.

    Why me?
    Ivo

    "Mark Gamache" wrote:

    > have you tried to get the machine cert via the MMC? I'm pretty sure you
    > can't get it through the web interface.
    >
    > Cheers,
    >
    > --
    > Mark Gamache
    > Certified Security Solutions
    > http://www.css-security.com
    >
    >
    >
    > "Ivo" <> wrote in message
    > news:D...
    > > I'm still strugling with this problem...
    > > It's linked to my notebook, a PC in the same network can request the
    > > certificates (machine and user) all right. When I bring my notebook to
    > > another domain, I have the same error message.
    > > Contrary to what I stated earlier, I can install the certificate from the
    > > web interface (//servername/certsrv) but this allows me to install the
    > > user
    > > certificates only, I don't see how I can select the machine certificate
    > > using
    > > the web interface.
    > > So "the CA is definitely started" and I'm logged on as domain (and
    > > therefore
    > > local machine) admin so it cannot be that I do not have the necessary
    > > rights.
    > >
    > > So what's wrong with my notebook reaction to certificates.
    > > It's running XP SP2 and the domain server is SBS2K3 on my home system and
    > > SBS2K where I ran the tests this afternoon.
    > >
    > > Any suggestions are very much welcome!
    > > Ivo
    > > "Ivo" wrote:
    > >
    > >> A manual request.
    > >> Tried to obtain it with a web interface too (something like
    > >> \\server\certsrv) but there was a similar error.
    > >>
    > >> "Mark Gamache" wrote:
    > >>
    > >> > Is this a manual request or auto-enrolment?
    > >> >
    > >> > --
    > >> > Mark Gamache
    > >> > Certified Security Solutions
    > >> > http://www.css-security.com
    > >> >
    > >> >
    > >> >
    > >> > "Ivo" <> wrote in message
    > >> > news:...
    > >> > >I keep getting the messag: The certificate request failed because one
    > >> > >of
    > >> > >the
    > >> > > following conditions:
    > >> > > - The certificate request was submitted to a Certification Authority
    > >> > > (CA)
    > >> > > that is not started. (OR)
    > >> > > - You do not have the permissions to request certificates from the
    > >> > > available
    > >> > > CAs.
    > >> > >
    > >> > > I'm having this problem on my notebook (using my account and also as
    > >> > > administrator), the SBS2003 is the CA. When I do this on another
    > >> > > (desktop)
    > >> > > PC
    > >> > > with the same credentials it works OK.
    > >> > >
    > >> > > Any ideas on how to solve this problem? My notebook has been used
    > >> > > outside
    > >> > > and has swapped domains, it is now back in my domain but it is still
    > >> > > looking
    > >> > > for CAs in the other domain? Don't know if this matters, really? In
    > >> > > fact I
    > >> > > have no clue about what's going on here.
    > >> > >
    > >> > > Suggestions on this matter are highly appreciated...
    > >> > > Ivo
    > >> >
    > >> >
    > >> >

    >
    >
    >
     
    =?Utf-8?B?SXZv?=, Feb 21, 2005
    #6
  7. =?Utf-8?B?SXZv?=

    Mark Gamache Guest

    are you an administrator on the client machine?

    --
    Mark Gamache
    Certified Security Solutions
    http://www.css-security.com



    "Ivo" <> wrote in message
    news:...
    > yes I tried (am trying, will continue to try) to get the machine cert via
    > the
    > MMC.
    > I could not find a way to obtain it through the web interface and I
    > understand from your answer that it is indeed not possible.
    > So my problem is with manual cert request via the MMC.
    >
    > Why me?
    > Ivo
    >
    > "Mark Gamache" wrote:
    >
    >> have you tried to get the machine cert via the MMC? I'm pretty sure you
    >> can't get it through the web interface.
    >>
    >> Cheers,
    >>
    >> --
    >> Mark Gamache
    >> Certified Security Solutions
    >> http://www.css-security.com
    >>
    >>
    >>
    >> "Ivo" <> wrote in message
    >> news:D...
    >> > I'm still strugling with this problem...
    >> > It's linked to my notebook, a PC in the same network can request the
    >> > certificates (machine and user) all right. When I bring my notebook to
    >> > another domain, I have the same error message.
    >> > Contrary to what I stated earlier, I can install the certificate from
    >> > the
    >> > web interface (//servername/certsrv) but this allows me to install the
    >> > user
    >> > certificates only, I don't see how I can select the machine certificate
    >> > using
    >> > the web interface.
    >> > So "the CA is definitely started" and I'm logged on as domain (and
    >> > therefore
    >> > local machine) admin so it cannot be that I do not have the necessary
    >> > rights.
    >> >
    >> > So what's wrong with my notebook reaction to certificates.
    >> > It's running XP SP2 and the domain server is SBS2K3 on my home system
    >> > and
    >> > SBS2K where I ran the tests this afternoon.
    >> >
    >> > Any suggestions are very much welcome!
    >> > Ivo
    >> > "Ivo" wrote:
    >> >
    >> >> A manual request.
    >> >> Tried to obtain it with a web interface too (something like
    >> >> \\server\certsrv) but there was a similar error.
    >> >>
    >> >> "Mark Gamache" wrote:
    >> >>
    >> >> > Is this a manual request or auto-enrolment?
    >> >> >
    >> >> > --
    >> >> > Mark Gamache
    >> >> > Certified Security Solutions
    >> >> > http://www.css-security.com
    >> >> >
    >> >> >
    >> >> >
    >> >> > "Ivo" <> wrote in message
    >> >> > news:...
    >> >> > >I keep getting the messag: The certificate request failed because
    >> >> > >one
    >> >> > >of
    >> >> > >the
    >> >> > > following conditions:
    >> >> > > - The certificate request was submitted to a Certification
    >> >> > > Authority
    >> >> > > (CA)
    >> >> > > that is not started. (OR)
    >> >> > > - You do not have the permissions to request certificates from the
    >> >> > > available
    >> >> > > CAs.
    >> >> > >
    >> >> > > I'm having this problem on my notebook (using my account and also
    >> >> > > as
    >> >> > > administrator), the SBS2003 is the CA. When I do this on another
    >> >> > > (desktop)
    >> >> > > PC
    >> >> > > with the same credentials it works OK.
    >> >> > >
    >> >> > > Any ideas on how to solve this problem? My notebook has been used
    >> >> > > outside
    >> >> > > and has swapped domains, it is now back in my domain but it is
    >> >> > > still
    >> >> > > looking
    >> >> > > for CAs in the other domain? Don't know if this matters, really?
    >> >> > > In
    >> >> > > fact I
    >> >> > > have no clue about what's going on here.
    >> >> > >
    >> >> > > Suggestions on this matter are highly appreciated...
    >> >> > > Ivo
    >> >> >
    >> >> >
    >> >> >

    >>
    >>
    >>
     
    Mark Gamache, Feb 21, 2005
    #7
  8. yes, Domain Administrator and ivo are members of the local Administrators on
    the client machine.

    "Mark Gamache" wrote:

    > are you an administrator on the client machine?
    >
    > --
    > Mark Gamache
    > Certified Security Solutions
    > http://www.css-security.com
    >
    >
    >
    > "Ivo" <> wrote in message
    > news:...
    > > yes I tried (am trying, will continue to try) to get the machine cert via
    > > the
    > > MMC.
    > > I could not find a way to obtain it through the web interface and I
    > > understand from your answer that it is indeed not possible.
    > > So my problem is with manual cert request via the MMC.
    > >
    > > Why me?
    > > Ivo
    > >
    > > "Mark Gamache" wrote:
    > >
    > >> have you tried to get the machine cert via the MMC? I'm pretty sure you
    > >> can't get it through the web interface.
    > >>
    > >> Cheers,
    > >>
    > >> --
    > >> Mark Gamache
    > >> Certified Security Solutions
    > >> http://www.css-security.com
    > >>
    > >>
    > >>
    > >> "Ivo" <> wrote in message
    > >> news:D...
    > >> > I'm still strugling with this problem...
    > >> > It's linked to my notebook, a PC in the same network can request the
    > >> > certificates (machine and user) all right. When I bring my notebook to
    > >> > another domain, I have the same error message.
    > >> > Contrary to what I stated earlier, I can install the certificate from
    > >> > the
    > >> > web interface (//servername/certsrv) but this allows me to install the
    > >> > user
    > >> > certificates only, I don't see how I can select the machine certificate
    > >> > using
    > >> > the web interface.
    > >> > So "the CA is definitely started" and I'm logged on as domain (and
    > >> > therefore
    > >> > local machine) admin so it cannot be that I do not have the necessary
    > >> > rights.
    > >> >
    > >> > So what's wrong with my notebook reaction to certificates.
    > >> > It's running XP SP2 and the domain server is SBS2K3 on my home system
    > >> > and
    > >> > SBS2K where I ran the tests this afternoon.
    > >> >
    > >> > Any suggestions are very much welcome!
    > >> > Ivo
    > >> > "Ivo" wrote:
    > >> >
    > >> >> A manual request.
    > >> >> Tried to obtain it with a web interface too (something like
    > >> >> \\server\certsrv) but there was a similar error.
    > >> >>
    > >> >> "Mark Gamache" wrote:
    > >> >>
    > >> >> > Is this a manual request or auto-enrolment?
    > >> >> >
    > >> >> > --
    > >> >> > Mark Gamache
    > >> >> > Certified Security Solutions
    > >> >> > http://www.css-security.com
    > >> >> >
    > >> >> >
    > >> >> >
    > >> >> > "Ivo" <> wrote in message
    > >> >> > news:...
    > >> >> > >I keep getting the messag: The certificate request failed because
    > >> >> > >one
    > >> >> > >of
    > >> >> > >the
    > >> >> > > following conditions:
    > >> >> > > - The certificate request was submitted to a Certification
    > >> >> > > Authority
    > >> >> > > (CA)
    > >> >> > > that is not started. (OR)
    > >> >> > > - You do not have the permissions to request certificates from the
    > >> >> > > available
    > >> >> > > CAs.
    > >> >> > >
    > >> >> > > I'm having this problem on my notebook (using my account and also
    > >> >> > > as
    > >> >> > > administrator), the SBS2003 is the CA. When I do this on another
    > >> >> > > (desktop)
    > >> >> > > PC
    > >> >> > > with the same credentials it works OK.
    > >> >> > >
    > >> >> > > Any ideas on how to solve this problem? My notebook has been used
    > >> >> > > outside
    > >> >> > > and has swapped domains, it is now back in my domain but it is
    > >> >> > > still
    > >> >> > > looking
    > >> >> > > for CAs in the other domain? Don't know if this matters, really?
    > >> >> > > In
    > >> >> > > fact I
    > >> >> > > have no clue about what's going on here.
    > >> >> > >
    > >> >> > > Suggestions on this matter are highly appreciated...
    > >> >> > > Ivo
    > >> >> >
    > >> >> >
    > >> >> >
    > >>
    > >>
    > >>

    >
    >
    >
     
    =?Utf-8?B?SXZv?=, Feb 21, 2005
    #8
  9. =?Utf-8?B?SXZv?=

    Mark Gamache Guest

    I'm a bit confused. You referenced another domain or something to that
    effect. To be clear, is the laptop a member of the same domain as the CA?
    Have you turned on all of the CA auditing and checked the logs?

    Cheers,

    --
    Mark Gamache
    Certified Security Solutions
    http://www.css-security.com



    "Ivo" <> wrote in message
    news:...
    > yes, Domain Administrator and ivo are members of the local Administrators
    > on
    > the client machine.
    >
    > "Mark Gamache" wrote:
    >
    >> are you an administrator on the client machine?
    >>
    >> --
    >> Mark Gamache
    >> Certified Security Solutions
    >> http://www.css-security.com
    >>
    >>
    >>
    >> "Ivo" <> wrote in message
    >> news:...
    >> > yes I tried (am trying, will continue to try) to get the machine cert
    >> > via
    >> > the
    >> > MMC.
    >> > I could not find a way to obtain it through the web interface and I
    >> > understand from your answer that it is indeed not possible.
    >> > So my problem is with manual cert request via the MMC.
    >> >
    >> > Why me?
    >> > Ivo
    >> >
    >> > "Mark Gamache" wrote:
    >> >
    >> >> have you tried to get the machine cert via the MMC? I'm pretty sure
    >> >> you
    >> >> can't get it through the web interface.
    >> >>
    >> >> Cheers,
    >> >>
    >> >> --
    >> >> Mark Gamache
    >> >> Certified Security Solutions
    >> >> http://www.css-security.com
    >> >>
    >> >>
    >> >>
    >> >> "Ivo" <> wrote in message
    >> >> news:D...
    >> >> > I'm still strugling with this problem...
    >> >> > It's linked to my notebook, a PC in the same network can request the
    >> >> > certificates (machine and user) all right. When I bring my notebook
    >> >> > to
    >> >> > another domain, I have the same error message.
    >> >> > Contrary to what I stated earlier, I can install the certificate
    >> >> > from
    >> >> > the
    >> >> > web interface (//servername/certsrv) but this allows me to install
    >> >> > the
    >> >> > user
    >> >> > certificates only, I don't see how I can select the machine
    >> >> > certificate
    >> >> > using
    >> >> > the web interface.
    >> >> > So "the CA is definitely started" and I'm logged on as domain (and
    >> >> > therefore
    >> >> > local machine) admin so it cannot be that I do not have the
    >> >> > necessary
    >> >> > rights.
    >> >> >
    >> >> > So what's wrong with my notebook reaction to certificates.
    >> >> > It's running XP SP2 and the domain server is SBS2K3 on my home
    >> >> > system
    >> >> > and
    >> >> > SBS2K where I ran the tests this afternoon.
    >> >> >
    >> >> > Any suggestions are very much welcome!
    >> >> > Ivo
    >> >> > "Ivo" wrote:
    >> >> >
    >> >> >> A manual request.
    >> >> >> Tried to obtain it with a web interface too (something like
    >> >> >> \\server\certsrv) but there was a similar error.
    >> >> >>
    >> >> >> "Mark Gamache" wrote:
    >> >> >>
    >> >> >> > Is this a manual request or auto-enrolment?
    >> >> >> >
    >> >> >> > --
    >> >> >> > Mark Gamache
    >> >> >> > Certified Security Solutions
    >> >> >> > http://www.css-security.com
    >> >> >> >
    >> >> >> >
    >> >> >> >
    >> >> >> > "Ivo" <> wrote in message
    >> >> >> > news:...
    >> >> >> > >I keep getting the messag: The certificate request failed
    >> >> >> > >because
    >> >> >> > >one
    >> >> >> > >of
    >> >> >> > >the
    >> >> >> > > following conditions:
    >> >> >> > > - The certificate request was submitted to a Certification
    >> >> >> > > Authority
    >> >> >> > > (CA)
    >> >> >> > > that is not started. (OR)
    >> >> >> > > - You do not have the permissions to request certificates from
    >> >> >> > > the
    >> >> >> > > available
    >> >> >> > > CAs.
    >> >> >> > >
    >> >> >> > > I'm having this problem on my notebook (using my account and
    >> >> >> > > also
    >> >> >> > > as
    >> >> >> > > administrator), the SBS2003 is the CA. When I do this on
    >> >> >> > > another
    >> >> >> > > (desktop)
    >> >> >> > > PC
    >> >> >> > > with the same credentials it works OK.
    >> >> >> > >
    >> >> >> > > Any ideas on how to solve this problem? My notebook has been
    >> >> >> > > used
    >> >> >> > > outside
    >> >> >> > > and has swapped domains, it is now back in my domain but it is
    >> >> >> > > still
    >> >> >> > > looking
    >> >> >> > > for CAs in the other domain? Don't know if this matters,
    >> >> >> > > really?
    >> >> >> > > In
    >> >> >> > > fact I
    >> >> >> > > have no clue about what's going on here.
    >> >> >> > >
    >> >> >> > > Suggestions on this matter are highly appreciated...
    >> >> >> > > Ivo
    >> >> >> >
    >> >> >> >
    >> >> >> >
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Mark Gamache, Feb 21, 2005
    #9
  10. Sorry for the confusion. I simply wanted to report that I used my notebook on
    two sites, two domain and that the error was the same. In both cases, the
    notebook was introduced into the domain and a user with local administrator
    rights was doing the mmc certificate request. In one of these domains, i.e.
    my home domain (with SBS2003 domain server and root CA), I did the same
    actions on another PC and there was no problem, so I guess teh problem must
    be related to my notebook.
    I have not turned on all of the CA auditing nor dit I check the logs until
    now. And it's bed time now.
    Many thanks for talking with me, I will search into the logs,
    Ivo

    "Mark Gamache" wrote:

    > I'm a bit confused. You referenced another domain or something to that
    > effect. To be clear, is the laptop a member of the same domain as the CA?
    > Have you turned on all of the CA auditing and checked the logs?
    >
    > Cheers,
    >
    > --
    > Mark Gamache
    > Certified Security Solutions
    > http://www.css-security.com
    >
    >
    >
    > "Ivo" <> wrote in message
    > news:...
    > > yes, Domain Administrator and ivo are members of the local Administrators
    > > on
    > > the client machine.
    > >
    > > "Mark Gamache" wrote:
    > >
    > >> are you an administrator on the client machine?
    > >>
    > >> --
    > >> Mark Gamache
    > >> Certified Security Solutions
    > >> http://www.css-security.com
    > >>
    > >>
    > >>
    > >> "Ivo" <> wrote in message
    > >> news:...
    > >> > yes I tried (am trying, will continue to try) to get the machine cert
    > >> > via
    > >> > the
    > >> > MMC.
    > >> > I could not find a way to obtain it through the web interface and I
    > >> > understand from your answer that it is indeed not possible.
    > >> > So my problem is with manual cert request via the MMC.
    > >> >
    > >> > Why me?
    > >> > Ivo
    > >> >
    > >> > "Mark Gamache" wrote:
    > >> >
    > >> >> have you tried to get the machine cert via the MMC? I'm pretty sure
    > >> >> you
    > >> >> can't get it through the web interface.
    > >> >>
    > >> >> Cheers,
    > >> >>
    > >> >> --
    > >> >> Mark Gamache
    > >> >> Certified Security Solutions
    > >> >> http://www.css-security.com
    > >> >>
    > >> >>
    > >> >>
    > >> >> "Ivo" <> wrote in message
    > >> >> news:D...
    > >> >> > I'm still strugling with this problem...
    > >> >> > It's linked to my notebook, a PC in the same network can request the
    > >> >> > certificates (machine and user) all right. When I bring my notebook
    > >> >> > to
    > >> >> > another domain, I have the same error message.
    > >> >> > Contrary to what I stated earlier, I can install the certificate
    > >> >> > from
    > >> >> > the
    > >> >> > web interface (//servername/certsrv) but this allows me to install
    > >> >> > the
    > >> >> > user
    > >> >> > certificates only, I don't see how I can select the machine
    > >> >> > certificate
    > >> >> > using
    > >> >> > the web interface.
    > >> >> > So "the CA is definitely started" and I'm logged on as domain (and
    > >> >> > therefore
    > >> >> > local machine) admin so it cannot be that I do not have the
    > >> >> > necessary
    > >> >> > rights.
    > >> >> >
    > >> >> > So what's wrong with my notebook reaction to certificates.
    > >> >> > It's running XP SP2 and the domain server is SBS2K3 on my home
    > >> >> > system
    > >> >> > and
    > >> >> > SBS2K where I ran the tests this afternoon.
    > >> >> >
    > >> >> > Any suggestions are very much welcome!
    > >> >> > Ivo
    > >> >> > "Ivo" wrote:
    > >> >> >
    > >> >> >> A manual request.
    > >> >> >> Tried to obtain it with a web interface too (something like
    > >> >> >> \\server\certsrv) but there was a similar error.
    > >> >> >>
    > >> >> >> "Mark Gamache" wrote:
    > >> >> >>
    > >> >> >> > Is this a manual request or auto-enrolment?
    > >> >> >> >
    > >> >> >> > --
    > >> >> >> > Mark Gamache
    > >> >> >> > Certified Security Solutions
    > >> >> >> > http://www.css-security.com
    > >> >> >> >
    > >> >> >> >
    > >> >> >> >
    > >> >> >> > "Ivo" <> wrote in message
    > >> >> >> > news:...
    > >> >> >> > >I keep getting the messag: The certificate request failed
    > >> >> >> > >because
    > >> >> >> > >one
    > >> >> >> > >of
    > >> >> >> > >the
    > >> >> >> > > following conditions:
    > >> >> >> > > - The certificate request was submitted to a Certification
    > >> >> >> > > Authority
    > >> >> >> > > (CA)
    > >> >> >> > > that is not started. (OR)
    > >> >> >> > > - You do not have the permissions to request certificates from
    > >> >> >> > > the
    > >> >> >> > > available
    > >> >> >> > > CAs.
    > >> >> >> > >
    > >> >> >> > > I'm having this problem on my notebook (using my account and
    > >> >> >> > > also
    > >> >> >> > > as
    > >> >> >> > > administrator), the SBS2003 is the CA. When I do this on
    > >> >> >> > > another
    > >> >> >> > > (desktop)
    > >> >> >> > > PC
    > >> >> >> > > with the same credentials it works OK.
    > >> >> >> > >
    > >> >> >> > > Any ideas on how to solve this problem? My notebook has been
    > >> >> >> > > used
    > >> >> >> > > outside
    > >> >> >> > > and has swapped domains, it is now back in my domain but it is
    > >> >> >> > > still
    > >> >> >> > > looking
    > >> >> >> > > for CAs in the other domain? Don't know if this matters,
    > >> >> >> > > really?
    > >> >> >> > > In
    > >> >> >> > > fact I
    > >> >> >> > > have no clue about what's going on here.
    > >> >> >> > >
    > >> >> >> > > Suggestions on this matter are highly appreciated...
    > >> >> >> > > Ivo
    > >> >> >> >
    > >> >> >> >
    > >> >> >> >
    > >> >>
    > >> >>
    > >> >>
    > >>
    > >>
    > >>

    >
    >
    >
     
    =?Utf-8?B?SXZv?=, Feb 21, 2005
    #10
  11. The MMC manual request keeps failing (same error messages as reported
    earlier). And I found following event in the Application Event on my
    notebook, the autoenrollment of the computer network also fails. The notebook
    is connected on the wired LAN and works fine except for this issue.

    Event Type: Error
    Event Source: AutoEnrollment
    Event Category: None
    Event ID: 13
    Date: 22/02/2005
    Time: 11:36:15
    User: N/A
    Computer: TM803LMI
    Description:
    Automatic certificate enrollment for local system failed to enroll for one
    Computer certificate (0x80070005). Access is denied.


    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
     
    =?Utf-8?B?SXZv?=, Feb 22, 2005
    #11
  12. =?Utf-8?B?SXZv?=

    Mark Gamache Guest

    I'd double check that your computer account has read and enroll permissions
    for the cert. It seems that your computer doesn't have the rights to enroll
    for the cert. Is the laptop running a server OS?

    Cheers,

    --
    Mark Gamache
    Certified Security Solutions
    http://www.css-security.com



    "Ivo" <> wrote in message
    news:...
    > The MMC manual request keeps failing (same error messages as reported
    > earlier). And I found following event in the Application Event on my
    > notebook, the autoenrollment of the computer network also fails. The
    > notebook
    > is connected on the wired LAN and works fine except for this issue.
    >
    > Event Type: Error
    > Event Source: AutoEnrollment
    > Event Category: None
    > Event ID: 13
    > Date: 22/02/2005
    > Time: 11:36:15
    > User: N/A
    > Computer: TM803LMI
    > Description:
    > Automatic certificate enrollment for local system failed to enroll for one
    > Computer certificate (0x80070005). Access is denied.
    >
    >
    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp.
    >
    >
     
    Mark Gamache, Feb 22, 2005
    #12
  13. Interesting remark, the laptop just joined the domain, that's all. Just like
    another PC and that one can do MMC manual certificate requests all right. The
    laptop is running Windows XP Professional Service Pack 2 (like the other PC).
    Where can I check these permissions?

    Thanks, Ivo

    "Mark Gamache" wrote:

    > I'd double check that your computer account has read and enroll permissions
    > for the cert. It seems that your computer doesn't have the rights to enroll
    > for the cert. Is the laptop running a server OS?
    >
    > Cheers,
    >
    > --
    > Mark Gamache
    > Certified Security Solutions
    > http://www.css-security.com
     
    =?Utf-8?B?SXZv?=, Feb 22, 2005
    #13
  14. =?Utf-8?B?SXZv?=

    Mark Gamache Guest

    Try this http://support.microsoft.com/kb/239452/EN-US/

    The scenario is slightly different, but I think the cause and resolution may
    match your situation. The access denies appears to be access tot he CA or
    its templates. Its clear that you have access to the resources on your
    laptop.

    --
    Mark Gamache
    Certified Security Solutions
    http://www.css-security.com



    "Ivo" <> wrote in message
    news:...
    > Interesting remark, the laptop just joined the domain, that's all. Just
    > like
    > another PC and that one can do MMC manual certificate requests all right.
    > The
    > laptop is running Windows XP Professional Service Pack 2 (like the other
    > PC).
    > Where can I check these permissions?
    >
    > Thanks, Ivo
    >
    > "Mark Gamache" wrote:
    >
    >> I'd double check that your computer account has read and enroll
    >> permissions
    >> for the cert. It seems that your computer doesn't have the rights to
    >> enroll
    >> for the cert. Is the laptop running a server OS?
    >>
    >> Cheers,
    >>
    >> --
    >> Mark Gamache
    >> Certified Security Solutions
    >> http://www.css-security.com
     
    Mark Gamache, Feb 22, 2005
    #14
  15. Interestint that you managed to find the article with the exact error code,
    it's for use wit W2K though and at home I have a W2K3 SBS.
    I followed the KB article:

    Grant Read and Enroll access for the template to the appropriate user or
    group by using the Sites and Services snap-in. You can set the access rights
    on the Security tab by expanding the following items: Services, Public Key
    Services, Certificate Templates.
    Note that the Show Services Node check box must be selected on the View
    menu to see the Services tab.

    I added the right to the following template: MachineEnrollmentAgent
    Properties, so Domain Computers, were added with Read & Enroll Allowed.

    I stopped and restarted the Certification Service on the server, restarted
    the laptop but the auto enrollment error reappeard. I did a gpupdate /force
    on the laptop and restarted the laptop but alas.

    Regards, Ivo

    "Mark Gamache" wrote:

    > Try this http://support.microsoft.com/kb/239452/EN-US/
    >
    > The scenario is slightly different, but I think the cause and resolution may
    > match your situation. The access denies appears to be access tot he CA or
    > its templates. Its clear that you have access to the resources on your
    > laptop.
    >
    > --
    > Mark Gamache
    > Certified Security Solutions
    > http://www.css-security.com
    >
    >
    >
    > "Ivo" <> wrote in message
    > news:...
    > > Interesting remark, the laptop just joined the domain, that's all. Just
    > > like
    > > another PC and that one can do MMC manual certificate requests all right.
    > > The
    > > laptop is running Windows XP Professional Service Pack 2 (like the other
    > > PC).
    > > Where can I check these permissions?
    > >
    > > Thanks, Ivo
    > >
    > > "Mark Gamache" wrote:
    > >
    > >> I'd double check that your computer account has read and enroll
    > >> permissions
    > >> for the cert. It seems that your computer doesn't have the rights to
    > >> enroll
    > >> for the cert. Is the laptop running a server OS?
    > >>
    > >> Cheers,
    > >>
    > >> --
    > >> Mark Gamache
    > >> Certified Security Solutions
    > >> http://www.css-security.com

    >
    >
    >
     
    =?Utf-8?B?SXZv?=, Feb 22, 2005
    #15
  16. I checked on the problem free PC (the one that can do manual MMC certificate
    requests) for autoenrollment error in the Application Event... and this one
    has problems with autoenrollment too, although the error code is different.

    When I do a manual MMC certificate request as domain administrator on the
    laptop (see earlier messages), then I should have enough rights to do that,
    and computer rights should not play a role, different from autoenrollment.

    I would be happy to do a successful manual MMC certification request...

    Regards,
    Ivo


    Event Type: Error
    Event Source: AutoEnrollment
    Event Category: None
    Event ID: 15
    Date: 15/02/2005
    Time: 21:56:29
    User: N/A
    Computer: DX6100MT
    Description:
    Automatic certificate enrollment for local system failed to contact the
    active directory (0x8007003a). The specified server cannot perform the
    requested operation.
    Enrollment will not be performed.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
     
    =?Utf-8?B?SXZv?=, Feb 22, 2005
    #16
  17. =?Utf-8?B?SXZv?=

    Mark Gamache Guest

    Are you able to get any certs form the CA?? You may want to try
    certutil -ping and certutil -catemplates and certutil -entinfo

    it seems like that error is related to not being able to get the CA info
    from AD. It may also be having trouble getting to AD. I'd verify that the
    client is functioning in all other respects.

    Cheers,



    --
    Mark Gamache
    Certified Security Solutions
    http://www.css-security.com



    "Ivo" <> wrote in message
    news:...
    >I checked on the problem free PC (the one that can do manual MMC
    >certificate
    > requests) for autoenrollment error in the Application Event... and this
    > one
    > has problems with autoenrollment too, although the error code is
    > different.
    >
    > When I do a manual MMC certificate request as domain administrator on the
    > laptop (see earlier messages), then I should have enough rights to do
    > that,
    > and computer rights should not play a role, different from autoenrollment.
    >
    > I would be happy to do a successful manual MMC certification request...
    >
    > Regards,
    > Ivo
    >
    >
    > Event Type: Error
    > Event Source: AutoEnrollment
    > Event Category: None
    > Event ID: 15
    > Date: 15/02/2005
    > Time: 21:56:29
    > User: N/A
    > Computer: DX6100MT
    > Description:
    > Automatic certificate enrollment for local system failed to contact the
    > active directory (0x8007003a). The specified server cannot perform the
    > requested operation.
    > Enrollment will not be performed.
    >
    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp.
    >
     
    Mark Gamache, Feb 23, 2005
    #17
  18. =?Utf-8?B?SXZv?=

    rbassilian

    Joined:
    Sep 20, 2007
    Messages:
    1
    Location:
    Mar Vista, CA
    Same issue

    I'm having a similar issue. The interesting thing is that I can install a user based certificate just fine, but when I install a computer based certificate I get the error.
     
    rbassilian, Sep 20, 2007
    #18
  19. =?Utf-8?B?SXZv?=

    WhatIThink

    Joined:
    Dec 2, 2008
    Messages:
    5
    me too

    I am having the exact same problem. I can request user certificates but not computer certs. I have gone through all DCOM, template permissions, CA permissions, etc. Pulling my hair out here.

    Did you ever find the answer?
     
    WhatIThink, Sep 3, 2010
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?S2Vu?=

    Certificate request wizard

    =?Utf-8?B?S2Vu?=, May 25, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    2,593
    =?Utf-8?B?S2Vu?=
    May 25, 2005
  2. RANEENAFIFI

    REQUEST TO CERTIFICATE

    RANEENAFIFI, Mar 17, 2005, in forum: MCSE
    Replies:
    0
    Views:
    428
    RANEENAFIFI
    Mar 17, 2005
  3. RANEENAFIFI

    REQUEST TO CERTIFICATE

    RANEENAFIFI, Mar 17, 2005, in forum: MCSE
    Replies:
    1
    Views:
    449
    =?Utf-8?B?QW1leSBBYmh5YW5rYXIu?=
    Mar 20, 2005
  4. belfast-biker
    Replies:
    0
    Views:
    1,173
    belfast-biker
    Jan 14, 2006
  5. News Reader
    Replies:
    3
    Views:
    593
    Graham
    Oct 26, 2006
Loading...

Share This Page