Access is denied 0x8007005 error when adding Certiciate Authority

[Guest]

Hello

I installed a root enterprise CA (I'll call it "bigdog") and then wanted to install a subordinate enterprise CA in the same domain (I'll call the domain "barks.org"). When I do, I get this error

"Cannot ping selected CA. Make sure the CA is runnin
Access is denied. 0x80070005 (Win32: 5)

Also, I'm logged in as an Enterprise admin when installing the CA. I opened the CA installation log (WINNT\certocm.log) and found this error

CA Certificate Request: 0x0(0
Select CA: bigdog.barks.org: BARKS root C
Get Server CA Name: bigdog.barks.org: Access is denied. 0x80070005 (WIN32: 5

It seems like its some sort of permissions error when my soon-to-be subordinate CA (member server) attempts to access some active directory information about the enterprise CA (domain controller)

I attempted the fix in KB 281271 (single-level domain scenario) to no avail. I also tried giving the everyone group enroll permissions on the enterprise CA, and trusting the member server for delecation in ADUC

Also, I can ping my enterprise CA from the member server

BTW, the member server is running in a VMware virtual machine (bridged NIC)

Any ideas

 

[Steve309]

I just solved the error. The reason was that all Enterprise CAs must be
domain controllers, and the subordinate CA that I was trying to create was
only a member server. Upgrading it to a domain controller fixed the issue.

No thanks to those wonderfully descriptive Microsoft error messages.

Steve

Hello,

I installed a root enterprise CA (I'll call it "bigdog") and then wanted

to install a subordinate enterprise CA in the same domain (I'll call the
domain "barks.org"). When I do, I get this error:

"Cannot ping selected CA. Make sure the CA is running
Access is denied. 0x80070005 (Win32: 5)"

Also, I'm logged in as an Enterprise admin when installing the CA. I

opened the CA installation log (WINNT\certocm.log) and found this error:

CA Certificate Request: 0x0(0)
Select CA: bigdog.barks.org: BARKS root CA
Get Server CA Name: bigdog.barks.org: Access is denied. 0x80070005 (WIN32: 5)

It seems like its some sort of permissions error when my soon-to-be

subordinate CA (member server) attempts to access some active directory
information about the enterprise CA (domain controller).

I attempted the fix in KB 281271 (single-level domain scenario) to no

avail. I also tried giving the everyone group enroll permissions on the
enterprise CA, and trusting the member server for delecation in ADUC.