Auto Enrollment

D

Dave Robinson

Hi All,

I've got a strange problem happening with certificates. I'm trying to
get LDAP SSL working. I've installed certificate services on a member
server and configured it as an Enterprise Root. When I try to
configure the Group Policy setting for Automatic Certificate Request
Settings and I choose the Domain Controller template, I get the error:

There is no Certification Authority available for the selected
Certificate Template

I see the CA listed in Sites and Services and I also see the CA listed
in the Cert Publishers security group. The CA has Domain Controllers
listed under Policy Settings...

Any ideas? What do I need to do to get this group policy setting to
recognize the CA?
 
L

Laudon Williams [MSFT]

Could be propagation delay. Try running gpupdate /force from the system you
are using to set group policy.
 
D

Dave Robinson

I've installed the CA on a DC now and things are working fine. I'd
like to move it again to a member server though. You suggested
running gpupdate /force, but I han't even made GP changes yet, I'm
trying to but I'm not able...Any ideas?
 
L

Laudon Williams [MSFT]

Dave, machines get the list of templates they can enroll for at boot time
and when group policy refreshes. Therefore, if you make configuration
changes, the machine that is supposed to enroll will not know about the
changes unless it restarts or gets policy. gpupdate /force forces the
machine to refresh policy.

Same for installation. The machine will not know that a CA has been added
until it updates.

Hope this helps.

--
This posting is provided "AS IS" with no warranties, and confers no rights.


Dave Robinson said:
I've installed the CA on a DC now and things are working fine. I'd
like to move it again to a member server though. You suggested
running gpupdate /force, but I han't even made GP changes yet, I'm
trying to but I'm not able...Any ideas?

"Laudon Williams [MSFT]" <[email protected]> wrote in message
Could be propagation delay. Try running gpupdate /force from the system you
are using to set group policy.
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

EFS Auto enroll 0
Certificates and templates 2
CA Problems 6
event id 80 & 77 certsvc 0
Question regarding issuing certificates to users 3
Web Enrollment Certificate Request Denied 2
Enrollment of certificate to a different CSP 1
Certificate Request Denied over Web Enrollment 0

Top