Certificate Request via Web Enrollment Pages

  • Thread starter Thread starter Randhir Singh
  • Start date Start date
R

Randhir Singh

Hello,
I am using Windows Server 2003 and have modified the appropriate
registery settings to publish certificates to a foreign domain
(certutil -setreg CA\AlternatePublishDomains +"DomainNames"). I've
also populated the Active Directory on the foreign domain to include a
couple users. All the security permissions have been set on the Web
Enrollment pages and the enterprise CA to allow authenticated users to
request certificates. Additionally, a domain trust has been placed in
both domains (two way trust between x.com and y.com). Users from the
foreign domain (y.com) are being permitted to access the Web
Enrollment pages on the CA domain (x.com), but are not allowed to
generate certificates. The following error is displayed after a
certificate request:

Your request failed. An error occurred while the server was processing
your request.

Contact your administrator for further assistance.

Request Mode: newreq - New Request
Disposition: (never set)
Disposition message: (none)
Result: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
COM Error Info: CCertRequest::Submit The RPC server is unavailable.
0x800706ba (WIN32: 1722)
LastStatus: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
Suggested Cause: The Certification Authority Service has not been
started.

Now, am I receiving this error because Windows enterprise CA does not
allow users outside the enterprise CA domain to request certificates?
If so, why is there an option to publish certificates in a foreign
domain?

ANY help will be appreciated.

Thanks all.

Randhir
 
Back
Top