D
Dave Onex
Hi Folks;
I have an XP Pro laptop connected to a Windows 2000 network. One of the
Windows 2000 servers has Certificate Services installed. For some reason,
the root CA certificate has not made it's way to the XP laptop.
I checked all the other Windows 2000 machines and each one got it
automatically from Active Directory. Each of the Windows 2000 machines is
able to request a certificate through the MMC and obtain one. Certificate
services appears to be working fine on the network - even the ISA server can
get one!
However, the XP Pro machine does not have the enterprise root CA certificate
installed under Trusted Root Authorities. I tried doing a gpudate /force
thinking it would cause the machine to get the enterprise root certificate
from Active Directory - but it didn't.
So, I have two problems;
1) the xp pro laptop does not have the domain's certificate installed under
Trusted Root Certification Authorities &
2) if I try to manually request a certificate through MMC I get this error;
Certificate Request Wizard
The wizard cannot be started because of one or more of the following
conditions:
-There are no trusted certification authorities (CAs) available (could this
be because there is no Trusted root certificate installed?)
-You do not have the permissions to request certificates from the available
CA's (I am logged on as the network admin - highest account)
-The available CAs issue certificates for which you do not have permissions
(can't see that one as the issue)
Earlier I tried exporting the trusted root certificate from one of the other
machines and installing it on the XP machine. It installed fine but I still
could not use the MMC to get a certificate for the XP machine from the
certificate server on the network. Instead, I got the same wizard error.
Can anyone help with this? I use this machine to administer my network
remotely using an L2TP connection. But without a certificate for the XP
machine I can't use L2TP
Thanks!
Dave Onex
PS>This machine used to be able to get certificates (it had one from the
previous CA on the network) and I did disable the Windows Firewall.
I have an XP Pro laptop connected to a Windows 2000 network. One of the
Windows 2000 servers has Certificate Services installed. For some reason,
the root CA certificate has not made it's way to the XP laptop.
I checked all the other Windows 2000 machines and each one got it
automatically from Active Directory. Each of the Windows 2000 machines is
able to request a certificate through the MMC and obtain one. Certificate
services appears to be working fine on the network - even the ISA server can
get one!
However, the XP Pro machine does not have the enterprise root CA certificate
installed under Trusted Root Authorities. I tried doing a gpudate /force
thinking it would cause the machine to get the enterprise root certificate
from Active Directory - but it didn't.
So, I have two problems;
1) the xp pro laptop does not have the domain's certificate installed under
Trusted Root Certification Authorities &
2) if I try to manually request a certificate through MMC I get this error;
Certificate Request Wizard
The wizard cannot be started because of one or more of the following
conditions:
-There are no trusted certification authorities (CAs) available (could this
be because there is no Trusted root certificate installed?)
-You do not have the permissions to request certificates from the available
CA's (I am logged on as the network admin - highest account)
-The available CAs issue certificates for which you do not have permissions
(can't see that one as the issue)
Earlier I tried exporting the trusted root certificate from one of the other
machines and installing it on the XP machine. It installed fine but I still
could not use the MMC to get a certificate for the XP machine from the
certificate server on the network. Instead, I got the same wizard error.
Can anyone help with this? I use this machine to administer my network
remotely using an L2TP connection. But without a certificate for the XP
machine I can't use L2TP
Thanks!
Dave Onex
PS>This machine used to be able to get certificates (it had one from the
previous CA on the network) and I did disable the Windows Firewall.