G
Guest
I've been following the step-by-step guide but instead have recently
installed an Enterprise CA on a w2k3 sp2 member server in a windows 2000 AD
for the purposes of EFS. I've got a few issues so have split them into
different posts. This is the first one:
I have had a couple of event id 80 warnings but the kb articles I have found
relate to a different scenario. My logs show:
Certificate Services could not publish a Certificate for request 10 to the
following location on server <DC Servername>.<domain>.com:
CN=<user>,OU=<xxx>,,DC=<domain>,DC=com. Insufficient access rights to
perform the operation. 0x80072098 (WIN32: 8344).
ldap: 0x32: 00002098: SecErr: DSID-03150646, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0
I have done/ checked the following:
- The Ent CA is a member of Cert Publishers Group
- I have imported the Ent CA root certificate into default domain policy >
Trusted Root CA
- On the Ent CA certificates.mmc there is a certificate issued to
administrator by administrator under AD user objects however I believe this
was issued locally on the DC as it is not trusted
- Also on the Ent CA certificates.mmc the certifacte for the Ent CA appears
in Trusted Root CA
- Finally under certificate templates.mmc on the Ent CA I have added our
two DC's computer accounts and given them read/ write and enroll permissions.
I've since rebooted the Ent CA and have not had any more warnings. Have I
done this correctly or maybe done too many steps?
Also, If I go to the CA mmc and look under Issued Certificates, I can see
all the
certificates that have been issued. If I open the certificate I can see that
the certificate validates to a root CA that appears to be trusted by the
remote pc. To ensure this certificate is valid, verify this certificate on
that computer
What does this refer to?
Thanks
installed an Enterprise CA on a w2k3 sp2 member server in a windows 2000 AD
for the purposes of EFS. I've got a few issues so have split them into
different posts. This is the first one:
I have had a couple of event id 80 warnings but the kb articles I have found
relate to a different scenario. My logs show:
Certificate Services could not publish a Certificate for request 10 to the
following location on server <DC Servername>.<domain>.com:
CN=<user>,OU=<xxx>,,DC=<domain>,DC=com. Insufficient access rights to
perform the operation. 0x80072098 (WIN32: 8344).
ldap: 0x32: 00002098: SecErr: DSID-03150646, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0
I have done/ checked the following:
- The Ent CA is a member of Cert Publishers Group
- I have imported the Ent CA root certificate into default domain policy >
Trusted Root CA
- On the Ent CA certificates.mmc there is a certificate issued to
administrator by administrator under AD user objects however I believe this
was issued locally on the DC as it is not trusted
- Also on the Ent CA certificates.mmc the certifacte for the Ent CA appears
in Trusted Root CA
- Finally under certificate templates.mmc on the Ent CA I have added our
two DC's computer accounts and given them read/ write and enroll permissions.
I've since rebooted the Ent CA and have not had any more warnings. Have I
done this correctly or maybe done too many steps?
Also, If I go to the CA mmc and look under Issued Certificates, I can see
all the
certificates that have been issued. If I open the certificate I can see that
the certificate validates to a root CA that appears to be trusted by the
remote pc. To ensure this certificate is valid, verify this certificate on
that computer
What does this refer to?
Thanks