Error enrolling certificates using Microsoft CA web pages

[Flavia]

Hi all,

I have a Windows 2000 Server machine with a Microsoft CA
(enterprise CA)and Active Directory installed and
configured.

On a Windows 2000 Professional machine on the same network
I installed an enrollment agent certificate in order to
enable requesting certificates in behalf of other users.
But whenever I try to request a certificate through
Microsoft CA web pages, choosing that option (request a
certificate in behalf of another user), I get the
following error on the "Smart Card Enrollment Station"
page: "An unexpected fatal error has occured: No templates
could be found. There are no CAs from which you have
permission to request a certificate, or an error occured
while accessing the Active Directory."

Any idea of what may be happening??

Thanks,
Flavia.

 

[Steven L Umbach]

Hi Flavia. I have not used smart cards, but here are a couple of things to
check and maybe Dave will reply later. In the CA mmc make sure you add the
proper certifictates to issue in policy settings such as smart card user.
Then in Active Directory Sites and Services, under view make sure services
node is selected. Then under public key certificates/certificate templates,
check the properties/security for the certificates you are using and issuing
to make sure that you have the proper permissions. The three links below
are Microsoft documentation on smart card enrollment and
roubleshooting. --- Steve

http://tinyurl.com/nkg1
http://tinyurl.com/nkep
http://tinyurl.com/nkf6