Error 0x80094001 while enrolling User Certificate

[Guest]

I have W2K3 forest with two domains ad.test.com (forest root) and
sub.ad.test.com. I have Enterprise CA installed on server in sub.ad.test.com.
I modified Cert. Templates security to let users (ib sub domain) Enroll
certificates. I configured Computer certificate enrollment with GPO. Most of
comps get their certificate. But I cannot Enroll User Certificate using Web
or MMC. When I try I get:

"Certificate Services denied request 106 because The request subject name is
invalid or too long. 0x80094001 (-2146877439). The request was for
SUB\Administrator. Additional information: Error Constructing or Publishing
Certificate"
Still I can Enroll Basic EFS certificate.
Please Help!

 

[Steven L Umbach]

Does this happen for all user accounts and for both mmc and Web Enroll
request?? When you try Web Enrollment try both regular [user certificate]
first option and advanced request to see if it makes a difference. If
problems persist run the netdiag support tool on the computer making the
request from to make sure it can contact domain controller, has secure
channel, etc. --- Steve

 

[Guest]

As I said before I can enroll certificates such as: Basic EFS, Administrator,
Workstation Autentification through both web and mmc intefaces.

Does this happen for all user accounts and for both mmc and Web Enroll
request?? When you try Web Enrollment try both regular [user certificate]
first option and advanced request to see if it makes a difference. If
problems persist run the netdiag support tool on the computer making the
request from to make sure it can contact domain controller, has secure
channel, etc. --- Steve

I have W2K3 forest with two domains ad.test.com (forest root) and
sub.ad.test.com. I have Enterprise CA installed on server in
sub.ad.test.com.
I modified Cert. Templates security to let users (ib sub domain) Enroll
certificates. I configured Computer certificate enrollment with GPO. Most
of
comps get their certificate. But I cannot Enroll User Certificate using
Web
or MMC. When I try I get:

"Certificate Services denied request 106 because The request subject name
is
invalid or too long. 0x80094001 (-2146877439). The request was for
SUB\Administrator. Additional information: Error Constructing or
Publishing
Certificate"
Still I can Enroll Basic EFS certificate.
Please Help!

 

[Steven L Umbach]

If you were able to request and receive those certificates via mmc and on
the same computer it failed for user then what I would try is to enable
issuance of certificates for user signature and client authentication to try
and to request those on the same computer. If those certificates are able to
be issued I would try the same on a different computer for a different user
to see if the same happens. If it does there could be some sort of
corruption with the user certificate template. --- Steve

As I said before I can enroll certificates such as: Basic EFS,
Administrator,
Workstation Autentification through both web and mmc intefaces.

Does this happen for all user accounts and for both mmc and Web Enroll
request?? When you try Web Enrollment try both regular [user certificate]
first option and advanced request to see if it makes a difference. If
problems persist run the netdiag support tool on the computer making the
request from to make sure it can contact domain controller, has secure
channel, etc. --- Steve

I have W2K3 forest with two domains ad.test.com (forest root) and
sub.ad.test.com. I have Enterprise CA installed on server in
sub.ad.test.com.
I modified Cert. Templates security to let users (ib sub domain) Enroll
certificates. I configured Computer certificate enrollment with GPO.
Most
of
comps get their certificate. But I cannot Enroll User Certificate using
Web
or MMC. When I try I get:

"Certificate Services denied request 106 because The request subject
name
is
invalid or too long. 0x80094001 (-2146877439). The request was for
SUB\Administrator. Additional information: Error Constructing or
Publishing
Certificate"
Still I can Enroll Basic EFS certificate.
Please Help!