Certificate Request Denied over Web Enrollment



I'm getting the following error when requesting a V1 EFS certificate
using web enrollment over our Windows 2000 IIS web enrollement server
(requesting the cert from a Windows 2003 Issuing CA):

"Certificate Request Denied

Your certificate request was denied.

Your Request Id is 5. The disposition message is "Denied by Policy
Module 0x80094800, The request was for a certificate template that is
not supported by the Certificate Services policy: EFS;;;;;;;;;;;;Basic
EFS. ".

Contact your administrator for further information."

When I request an EFS certificate using the MMC I have had no problem
at all and have done this from multiple workstations and servers. But
everytime I try the request through the web enrollment, I get this
error. This happens even though my account has full control access
(including enroll) to the EFS Certificate Template.

We are not using constrained delegation, and both the Windows 2000 web
enrollment server and the Windows 2003 Issuing CA are trusted for
delegation. We are using Windows Integrated authentication on the web
We are using the Windows Default policy module currently on the
Windows 2003 Issuing CA.

I have searched through the new "Configuring and Troubleshooting
Windows 2000 and Windows Server 2003 Certificate Services Web
Enrollment" and haven't found anything that relates to this error.

Any help would be much appreciated.



Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question