Certificates Service: Web Enrollment Pages on another computer

[Mariano]

Configuration
-CA (enterprise CA) is installed on a pc (PC1) with Windows Server 2003
Enterprise Edition (this computer is Domain Controller);
-Web Enrollment Pages are installed on a host computer (PC2) member of
domain;

When I launch web enrollment pages from PC2 (http://localhost/certsrv) all
works fine!
when I launch web enrollment pages from PC3 (pc3 is not member of the
domain) authenticating me with a domain account, I can navigate web pages
but when I request a certificate the following error occurs:


Your request failed. An error occurred while the server was processing your
request.

Contact your administrator for further assistance.

Request Mode:
newreq - New Request
Disposition:
(never set)
Disposition message:
(none)
Result:
Access is denied. 0x80070005 (WIN32: 5)
COM Error Info:
CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)
LastStatus:
The operation completed successfully. 0x0 (WIN32: 0)
Suggested Cause:
The Certification Authority Service has not been started.


In event viewer (system) of PC2 there is:

DCOM got error "General access denied error " from the computer
computername.domainname when attempting to activate the server:
{D99E6E74-FC88-11D0-B498-00A0C90312F3}


Help me.
Thanks.

Mariano.

 

[Steven L Umbach]

I am pretty sure that your problem is that since you are using an Enterprise CA, the
Web Enrollment Server needs to be a member of the domain in order to access AD and
probably trusted for delegation. --- Steve