Can't publish Windows Server 2003 Certificates in Win2k Active Directory properly


Dean

I have set up an Enterprise CA on Windows 2003 Server, Enterprise
Edition. After I issued a user certificate, I can get the certificate
down to the local store, but the user account does not have the user
certificate published in "Published Certificates" tab. In other words,
the user certificate was not published into Active Directory properly.
The event log shows:

Source: CertSvc
Event ID: 80

Certificate Services could not publish a Certificate for request 7 to
the following location on server dc.pki.com:
CN=pkiuser,CN=Users,DC=pki,DC=com. Insufficient access rights to
perform the operation. 0x80072098 (WIN32: 8344).
ldap: 0x32: 00002098: SecErr: DSID-031509EE, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0

My Active Directory was Windows 2000 but it has run ForestPrep and
DomainPrep and has been upgraded to Windows 2003 AD schema. All DCs are
now Windows 2003 but Active Directory level still stays at "Windows
2000 native".

There was a discussion that I have to add the permission to
userCertification attribution and there is an article that addresses
this issue. Does anyone know this issue and see this article?

My lab is fresh Windows 2003 Active Directory with "Windows 2003"
level. I don't have this problem in my lab. So, would it work if I
raise the Active Directory level to "Windows 2003"?

If someone can help me with this, I really appreciate it.

Thanks in advance,

Dean
 

David Cross [MS]

Make sure the machine account of your CA is a member of the "Cert
Publishers" global group in each domain - that should work...
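
An added example, not part of either post above: a small Python parser for the CertSvc Event ID 80 text quoted in the question, which extracts the target object, checks that the HRESULT and Win32 code agree, and names the domain whose "Cert Publishers" membership the answer says to check. The function name triage_event_80 and the returned field names are hypothetical.

```python
import re

# Event ID 80 text as quoted in the question above.
EVENT_80 = """Certificate Services could not publish a Certificate for request 7 to
the following location on server dc.pki.com:
CN=pkiuser,CN=Users,DC=pki,DC=com. Insufficient access rights to
perform the operation. 0x80072098 (WIN32: 8344).
ldap: 0x32: 00002098: SecErr: DSID-031509EE, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0"""

PATTERN = re.compile(
    r"for request (?P<request>\d+) to the following location on server "
    r"(?P<server>\S+): (?P<dn>.+?)\. .*?"
    r"(?P<hresult>0x[0-9A-Fa-f]{8}) \(WIN32: (?P<win32>\d+)\)"
    r"(?:.*?ldap: (?P<ldap>0x[0-9A-Fa-f]+))?"
)

def triage_event_80(text):
    """Return the fields needed to act on a CertSvc publish failure, or None."""
    m = PATTERN.search(" ".join(text.split()))  # undo event-log line wrapping
    if m is None:
        return None
    hresult, win32 = int(m["hresult"], 16), int(m["win32"])
    ldap = int(m["ldap"], 16) if m["ldap"] else None
    # Domain of the target object, taken from the DC= parts of its DN.
    # Naive split: assumes the DN contains no escaped commas.
    parts = [p.strip() for p in m["dn"].split(",")]
    domain = ".".join(p[3:] for p in parts if p.upper().startswith("DC="))
    return {
        "request_id": int(m["request"]),
        "server": m["server"],
        "target_dn": m["dn"],
        "domain": domain,
        "win32": win32,
        # 0x8007xxxx is a Win32 error wrapped as an HRESULT; low word must match.
        "codes_consistent": (hresult >> 16) == 0x8007 and (hresult & 0xFFFF) == win32,
        # Win32 8344 and LDAP result 0x32 both mean insufficient access rights.
        "access_denied": win32 == 8344 or ldap == 0x32,
    }

if __name__ == "__main__":
    r = triage_event_80(EVENT_80)
    if r and r["access_denied"]:
        print(f"Request {r['request_id']}: CA could not write to {r['target_dn']}")
        print(f"Check 'Cert Publishers' membership in domain {r['domain']}")
```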
 
