Request for a user certificate Fails

Guest

When requesting a user certificate from my Enterprise Root CA, it fails with
the error below:

Request Mode:
newreq - New Request
Disposition:
FFFFFFFF - (unknown)
Disposition message:
(none)
Result:
The binding handle is invalid. 0x800706a6 (WIN32: 1702)
COM Error Info:
CCertRequest::Submit The binding handle is invalid. 0x800706a6 (WIN32: 1702)
LastStatus:
The operation completed successfully. 0x0 (0)
Suggested Cause:
No suggestions.
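
The status code in the output above can be decoded mechanically. The following is an added example, not part of the original thread: it parses the pasted fields, splits the HRESULT into its severity, facility and code parts, and confirms that 0x800706a6 is a wrapped Win32 error 1702 (RPC_S_INVALID_BINDING in winerror.h), an RPC runtime error on the call to the CA. The function names and the abbreviated sample text are constructed for illustration.

```python
import re

# Constructed sample: the key fields of the failure output quoted above.
SAMPLE = """\
Disposition:
FFFFFFFF - (unknown)
Result:
The binding handle is invalid. 0x800706a6 (WIN32: 1702)
LastStatus:
The operation completed successfully. 0x0 (0)
"""

# A few Win32 codes from winerror.h; extend the table as needed.
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 1702: "RPC_S_INVALID_BINDING",
               1722: "RPC_S_SERVER_UNAVAILABLE", 1753: "EPT_S_NOT_REGISTERED"}
FACILITY_WIN32 = 7

def parse_fields(text):
    """Pair each 'Label:' line with the value line(s) that follow it."""
    fields, label = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith(":"):
            label = line[:-1]
            fields[label] = ""
        elif line and label is not None:
            fields[label] = (fields[label] + " " + line).strip()
    return fields

def decode_hresult(value):
    """Split a 32-bit HRESULT into severity bit, 11-bit facility, 16-bit code."""
    return {"failed": bool((value >> 31) & 1),
            "facility": (value >> 16) & 0x7FF,
            "code": value & 0xFFFF}

def diagnose(text):
    """Decode the HRESULT on the Result line and cross-check the WIN32 note."""
    result = parse_fields(text).get("Result", "")
    match = re.search(r"0x([0-9a-fA-F]{1,8})\b", result)
    if not match:
        return None
    info = decode_hresult(int(match.group(1), 16))
    wrapped = info["failed"] and info["facility"] == FACILITY_WIN32
    noted = re.search(r"WIN32:\s*(\d+)", result)
    info["consistent"] = noted is None or (wrapped and int(noted.group(1)) == info["code"])
    info["name"] = WIN32_NAMES.get(info["code"], "unlisted") if wrapped else "not Win32"
    return info

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```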
 
Steven L Umbach

Does this happen for just one user or every user on every domain computer?
Can any certificate be requested [computer or user] from the CA? Can you
log on to the CA as an administrator and request/receive a user certificate
for yourself? You may also try Web enrollment if you have not yet. Check the
logs via Event Viewer on the client computer and the CA to see if anything
relevant is reported and run the command certutil -ping on the CA to see if
it reports that CA is alive if no certificates of any kind can be
requested. --- Steve
 
Guest

Web Enrollment fails, whether user or advanced, but I can download a
certificate to my machine; the error occurs in any other case.

 
Steven L Umbach

So you can request and receive a user certificate on your machine. How are
you doing that - via mmc snapin for certificates? Can you request/receive a
certificate from any domain computer? If you can because you are an
administrator but others cannot, then check the permissions on the
certificate template to make sure that the global groups/users that you want
to be able to get certificates have read and enroll permissions. --- Steve


 
Guest

I cannot request a user certificate; I can only select the task "retrieve the CA
certificate". I then download the CA certificate. Sorry for the misunderstanding.
 
Steven L Umbach

Did certutil -ping on the CA show that the CA is active? Anything in the
system/application logs of the CA that may indicate a problem? Is this a new
problem or have you never been able to request a certificate? Can an
administrator log on to the CA itself and request a user or administrator
certificate via the mmc snapin for certificates for user by going to the
personal folder and right clicking to select all tasks - request new
certificate? If not, what is the error message? Your DNS needs to be
configured correctly in the domain and if it is not many problems can arise,
so review the KB article below on Active Directory DNS and try running the
support tool netdiag on the CA and a client domain computer where
certificate request fails, looking for problems for DNS, dc discovery,
Kerberos, or trust/secure channel. The CA computer also needs to be trusted
for delegation in its computer account properties in Active Directory Users
and Computers. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

 
Guest

Using MMC I am able to request a user certificate but the response is
serviced by THE SUB CA.

Using MMC, under certificate enrollment requests, most fields have unknown as
their value.
 
Steven L Umbach

Try temporarily stopping the certificate services service on the sub CA and
try again to request a user certificate via mmc snapin for user certificate
to see what happens and check the other items I listed in my last post and
verify that the root CA is configured to issue the users certificate
template. --- Steve
 
