Web Enrollment pages on another computer

M

Mariano

Configuration
-CA (enterprise CA) is installed on a pc (PC1) with Windows Server 2003
Enterprise Edition (this computer is Domain Controller);
-Web Enrollment Pages are installed on a host computer (PC2) member of
domain;

When I launch web enrollment pages from PC2 (http://localhost/certsrv) all
works fine!
when I launch web enrollment pages from PC3 (pc3 is not member of the
domain) authenticating me with a domain account, I can navigate web pages
but when I request a certificate the following error occurs:


Your request failed. An error occurred while the server was processing your
request.

Contact your administrator for further assistance.

Request Mode:
newreq - New Request
Disposition:
(never set)
Disposition message:
(none)
Result:
Access is denied. 0x80070005 (WIN32: 5)
COM Error Info:
CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)
LastStatus:
The operation completed successfully. 0x0 (WIN32: 0)
Suggested Cause:
The Certification Authority Service has not been started.


In event viewer (system) of PC2 there is:

DCOM got error "General access denied error " from the computer
computername.domainname when attempting to activate the server:
{D99E6E74-FC88-11D0-B498-00A0C90312F3}


Help me.
Thanks.

Mariano.
 
D

David Cross [MS]

is the machine account hosting the web pages joined to the domain (AD) and
trusted for delegation?
 
M

Mariano

Yes

David Cross said:
is the machine account hosting the web pages joined to the domain (AD) and
trusted for delegation?

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

Mariano said:
Configuration
-CA (enterprise CA) is installed on a pc (PC1) with Windows Server 2003
Enterprise Edition (this computer is Domain Controller);
-Web Enrollment Pages are installed on a host computer (PC2) member of
domain;

When I launch web enrollment pages from PC2 (http://localhost/certsrv) all
works fine!
when I launch web enrollment pages from PC3 (pc3 is not member of the
domain) authenticating me with a domain account, I can navigate web pages
but when I request a certificate the following error occurs:


Your request failed. An error occurred while the server was processing your
request.

Contact your administrator for further assistance.

Request Mode:
newreq - New Request
Disposition:
(never set)
Disposition message:
(none)
Result:
Access is denied. 0x80070005 (WIN32: 5)
COM Error Info:
CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)
LastStatus:
The operation completed successfully. 0x0 (WIN32: 0)
Suggested Cause:
The Certification Authority Service has not been started.


In event viewer (system) of PC2 there is:

DCOM got error "General access denied error " from the computer
computername.domainname when attempting to activate the server:
{D99E6E74-FC88-11D0-B498-00A0C90312F3}


Help me.
Thanks.

Mariano.
Click to expand...
Click to expand...
 
V

Vishal Agarwal[MSFT]

Did you enable basic auth for it to work?

Thanks,
Vishal Agarwal [MSFT]

--
This posting is provided "AS IS" with no warranties, and confers no rights
Mariano said:
Yes

David Cross said:
is the machine account hosting the web pages joined to the domain (AD) and
trusted for delegation?

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

Mariano said:
Configuration
-CA (enterprise CA) is installed on a pc (PC1) with Windows Server 2003
Enterprise Edition (this computer is Domain Controller);
-Web Enrollment Pages are installed on a host computer (PC2) member of
domain;

When I launch web enrollment pages from PC2 (http://localhost/certsrv) all
works fine!
when I launch web enrollment pages from PC3 (pc3 is not member of the
domain) authenticating me with a domain account, I can navigate web pages
but when I request a certificate the following error occurs:


Your request failed. An error occurred while the server was processing your
request.

Contact your administrator for further assistance.

Request Mode:
newreq - New Request
Disposition:
(never set)
Disposition message:
(none)
Result:
Access is denied. 0x80070005 (WIN32: 5)
COM Error Info:
CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)
LastStatus:
The operation completed successfully. 0x0 (WIN32: 0)
Suggested Cause:
The Certification Authority Service has not been started.


In event viewer (system) of PC2 there is:

DCOM got error "General access denied error " from the computer
computername.domainname when attempting to activate the server:
{D99E6E74-FC88-11D0-B498-00A0C90312F3}


Help me.
Thanks.

Mariano.
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Certificates Service: Web Enrollment Pages on another computer 1
Request for a user certificate Fails 7
Web Enrollment Certificate Request Denied 2
Certificate Request Denied over Web Enrollment 0
Certificate Authority web enrollment error 1
Certificate Request via Web Enrollment Pages 0
DCOM errors on Root, Policy, and Issuing CAs 0
Error enrolling certificates using Microsoft CA web pages 1

Top