Access is denied 0x8007005 error when adding Certiciate Authority

G

Guest

Hello

I installed a root enterprise CA (I'll call it "bigdog") and then wanted to install a subordinate enterprise CA in the same domain (I'll call the domain "barks.org"). When I do, I get this error

"Cannot ping selected CA. Make sure the CA is runnin
Access is denied. 0x80070005 (Win32: 5)

Also, I'm logged in as an Enterprise admin when installing the CA. I opened the CA installation log (WINNT\certocm.log) and found this error

CA Certificate Request: 0x0(0
Select CA: bigdog.barks.org: BARKS root C
Get Server CA Name: bigdog.barks.org: Access is denied. 0x80070005 (WIN32: 5

It seems like its some sort of permissions error when my soon-to-be subordinate CA (member server) attempts to access some active directory information about the enterprise CA (domain controller)

I attempted the fix in KB 281271 (single-level domain scenario) to no avail. I also tried giving the everyone group enroll permissions on the enterprise CA, and trusting the member server for delecation in ADUC

Also, I can ping my enterprise CA from the member server

BTW, the member server is running in a VMware virtual machine (bridged NIC)

Any ideas
 
S

Steve309

I just solved the error. The reason was that all Enterprise CAs must be
domain controllers, and the subordinate CA that I was trying to create was
only a member server. Upgrading it to a domain controller fixed the issue.

No thanks to those wonderfully descriptive Microsoft error messages.

Steve

Steve309 said:
Hello,

I installed a root enterprise CA (I'll call it "bigdog") and then wanted
Click to expand...
to install a subordinate enterprise CA in the same domain (I'll call the
domain "barks.org"). When I do, I get this error:
"Cannot ping selected CA. Make sure the CA is running
Access is denied. 0x80070005 (Win32: 5)"

Also, I'm logged in as an Enterprise admin when installing the CA. I
Click to expand...
opened the CA installation log (WINNT\certocm.log) and found this error:
CA Certificate Request: 0x0(0)
Select CA: bigdog.barks.org: BARKS root CA
Get Server CA Name: bigdog.barks.org: Access is denied. 0x80070005 (WIN32: 5)

It seems like its some sort of permissions error when my soon-to-be
Click to expand...
subordinate CA (member server) attempts to access some active directory
information about the enterprise CA (domain controller).
I attempted the fix in KB 281271 (single-level domain scenario) to no
Click to expand...
avail. I also tried giving the everyone group enroll permissions on the
enterprise CA, and trusting the member server for delecation in ADUC.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Cannot Ping the Selected CA. Please make sure the CA is running. Access is denied. 0
event id 80 & 77 certsvc 0
Enterprise CA access 5
CRL distribution point in AD problem 0
Web Enrollment pages on another computer 3
Certificates Service: Web Enrollment Pages on another computer 1
Requesting a certificate for a Cisco PIX 1
CA Problems 6

Top