Autoenrollment of Computer Certificates not working as expected.

  • Thread starter Thread starter Steve
  • Start date Start date
S

Steve

I set up autoenrollment for computer certificates as described in
Microsoft Knowledge Base Article - 313407. However when I refresh my
computer policy on my windows XP machines I am not getting a computer
certificate (MMC certificates, Local computer, personal store). I see
a SceCli Security Policy has been applied successfully after a
gpupdate /target:computer. Any ideas on how to figure out what is
going on?

TIA,
Steve
 
Make sure that the computers are within the scope of influence of the policy. For
example if you configured it at the OU level, the computers must be in that OU
structure. Also check that your CA is working correctly by trying to request a
machine certificate from the mmc certificate snapin for computer. Your CA must be an
Enterprise CA for this to work. The link below may be helpful. --- Steve

http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/autocertsteps.asp
 
Is there a way to convert a CA over from stand-alone root CA to
enterprise root without having to regenerate all the issued
certificates?

TIA,
Steve
 
There may be, but I am not sure of how it is done if it can be done so I can't
comment any further as I don't want to steer you the wrong way. --- Steve
 
Back
Top