Doug H
My company is in the process of trying to push client
certificates out to end users in a Citrix/TS environment
to authenticate to a web-based system. We want to do this
with as little user intervention as possible, so we decided
on publishing the certificate in Active Directory. We have
done this in the past without problems and we tried to do
the same for a few users the other day and no new
certificates will publish.
These are the steps that we follow to add the certificate:
(all steps performed using same administrative user)
-Visit vendor web site to acquire the certificate
-Vendor web site installs certificate automatically in
user's "Personal" store
-Open target user who should be receiving the certificate
in AD Users & Computers, go to "Published Certificates"
tab, and add from store.
This process completes successfully and the certificate
will show in the list.
Then when we log in as the target user, the certificate is
not there. If we remove a certificate from an existing
user's store that this properly functioned for before, the
certificate will not be re-installed. If we export the
certificate to PKCS #12 and manually log in as the target
user we are able to install the certificate successfully.
Environment information:
-All Windows 2000 servers, all at SP4 with almost all
recent hotfixes installed
-Citrix servers are all MetaFrame XP with FR3
-Citrix servers are running in NT4 compat. mode
-Group policies in place restricting security, application,
and IE settings, but they have not changed drastically
since things worked before
-Domain is running Win2000 native mode
Certificate information:
-Includes private key
-RSA 1024-bit
-Issued from a private root CA run by software vendor
We have tried publishing the certificates to a number of
users, including administrative and non-administrative end
user accounts. We have run through settings in group
policies to see if there are any obvious conflicts with the
settings and what we are trying to do and found none.
If anyone has any insight as to why this is not working,
your suggestions would be greatly appreciated. I will be
checking this forum for replies, but you may also reach me
at doug_h11 (AT) hotmail.com.