Sign in with
Sign up | Sign in
Your question

Certificate request failed

Last response: in Wireless Networking
Share
February 10, 2005 5:57:03 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

I keep getting the messag: The certificate request failed because one of the
following conditions:
- The certificate request was submitted to a Certification Authority (CA)
that is not started. (OR)
- You do not have the permissions to request certificates from the available
CAs.

I'm having this problem on my notebook (using my account and also as
administrator), the SBS2003 is the CA. When I do this on another (desktop) PC
with the same credentials it works OK.

Any ideas on how to solve this problem? My notebook has been used outside
and has swapped domains, it is now back in my domain but it is still looking
for CAs in the other domain? Don't know if this matters, really? In fact I
have no clue about what's going on here.

Suggestions on this matter are highly appreciated...
Ivo
Anonymous
February 10, 2005 7:13:09 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Is this a manual request or auto-enrolment?

--
Mark Gamache
Certified Security Solutions
http://www.css-security.com



"Ivo" <Ivo@discussions.microsoft.com> wrote in message
news:99076B84-579A-4A24-8165-C4DB4278ED59@microsoft.com...
>I keep getting the messag: The certificate request failed because one of
>the
> following conditions:
> - The certificate request was submitted to a Certification Authority (CA)
> that is not started. (OR)
> - You do not have the permissions to request certificates from the
> available
> CAs.
>
> I'm having this problem on my notebook (using my account and also as
> administrator), the SBS2003 is the CA. When I do this on another (desktop)
> PC
> with the same credentials it works OK.
>
> Any ideas on how to solve this problem? My notebook has been used outside
> and has swapped domains, it is now back in my domain but it is still
> looking
> for CAs in the other domain? Don't know if this matters, really? In fact I
> have no clue about what's going on here.
>
> Suggestions on this matter are highly appreciated...
> Ivo
February 11, 2005 3:41:05 AM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

A manual request.
Tried to obtain it with a web interface too (something like
\\server\certsrv) but there was a similar error.

"Mark Gamache" wrote:

> Is this a manual request or auto-enrolment?
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
>
>
> "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> news:99076B84-579A-4A24-8165-C4DB4278ED59@microsoft.com...
> >I keep getting the messag: The certificate request failed because one of
> >the
> > following conditions:
> > - The certificate request was submitted to a Certification Authority (CA)
> > that is not started. (OR)
> > - You do not have the permissions to request certificates from the
> > available
> > CAs.
> >
> > I'm having this problem on my notebook (using my account and also as
> > administrator), the SBS2003 is the CA. When I do this on another (desktop)
> > PC
> > with the same credentials it works OK.
> >
> > Any ideas on how to solve this problem? My notebook has been used outside
> > and has swapped domains, it is now back in my domain but it is still
> > looking
> > for CAs in the other domain? Don't know if this matters, really? In fact I
> > have no clue about what's going on here.
> >
> > Suggestions on this matter are highly appreciated...
> > Ivo
>
>
>
Related resources
February 21, 2005 4:51:04 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

I'm still strugling with this problem...
It's linked to my notebook, a PC in the same network can request the
certificates (machine and user) all right. When I bring my notebook to
another domain, I have the same error message.
Contrary to what I stated earlier, I can install the certificate from the
web interface (//servername/certsrv) but this allows me to install the user
certificates only, I don't see how I can select the machine certificate using
the web interface.
So "the CA is definitely started" and I'm logged on as domain (and therefore
local machine) admin so it cannot be that I do not have the necessary rights.

So what's wrong with my notebook reaction to certificates.
It's running XP SP2 and the domain server is SBS2K3 on my home system and
SBS2K where I ran the tests this afternoon.

Any suggestions are very much welcome!
Ivo
"Ivo" wrote:

> A manual request.
> Tried to obtain it with a web interface too (something like
> \\server\certsrv) but there was a similar error.
>
> "Mark Gamache" wrote:
>
> > Is this a manual request or auto-enrolment?
> >
> > --
> > Mark Gamache
> > Certified Security Solutions
> > http://www.css-security.com
> >
> >
> >
> > "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> > news:99076B84-579A-4A24-8165-C4DB4278ED59@microsoft.com...
> > >I keep getting the messag: The certificate request failed because one of
> > >the
> > > following conditions:
> > > - The certificate request was submitted to a Certification Authority (CA)
> > > that is not started. (OR)
> > > - You do not have the permissions to request certificates from the
> > > available
> > > CAs.
> > >
> > > I'm having this problem on my notebook (using my account and also as
> > > administrator), the SBS2003 is the CA. When I do this on another (desktop)
> > > PC
> > > with the same credentials it works OK.
> > >
> > > Any ideas on how to solve this problem? My notebook has been used outside
> > > and has swapped domains, it is now back in my domain but it is still
> > > looking
> > > for CAs in the other domain? Don't know if this matters, really? In fact I
> > > have no clue about what's going on here.
> > >
> > > Suggestions on this matter are highly appreciated...
> > > Ivo
> >
> >
> >
Anonymous
February 21, 2005 5:26:38 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

have you tried to get the machine cert via the MMC? I'm pretty sure you
can't get it through the web interface.

Cheers,

--
Mark Gamache
Certified Security Solutions
http://www.css-security.com



"Ivo" <Ivo@discussions.microsoft.com> wrote in message
news:D 179939B-CFB2-48C3-96DF-2AF2369A6BA2@microsoft.com...
> I'm still strugling with this problem...
> It's linked to my notebook, a PC in the same network can request the
> certificates (machine and user) all right. When I bring my notebook to
> another domain, I have the same error message.
> Contrary to what I stated earlier, I can install the certificate from the
> web interface (//servername/certsrv) but this allows me to install the
> user
> certificates only, I don't see how I can select the machine certificate
> using
> the web interface.
> So "the CA is definitely started" and I'm logged on as domain (and
> therefore
> local machine) admin so it cannot be that I do not have the necessary
> rights.
>
> So what's wrong with my notebook reaction to certificates.
> It's running XP SP2 and the domain server is SBS2K3 on my home system and
> SBS2K where I ran the tests this afternoon.
>
> Any suggestions are very much welcome!
> Ivo
> "Ivo" wrote:
>
>> A manual request.
>> Tried to obtain it with a web interface too (something like
>> \\server\certsrv) but there was a similar error.
>>
>> "Mark Gamache" wrote:
>>
>> > Is this a manual request or auto-enrolment?
>> >
>> > --
>> > Mark Gamache
>> > Certified Security Solutions
>> > http://www.css-security.com
>> >
>> >
>> >
>> > "Ivo" <Ivo@discussions.microsoft.com> wrote in message
>> > news:99076B84-579A-4A24-8165-C4DB4278ED59@microsoft.com...
>> > >I keep getting the messag: The certificate request failed because one
>> > >of
>> > >the
>> > > following conditions:
>> > > - The certificate request was submitted to a Certification Authority
>> > > (CA)
>> > > that is not started. (OR)
>> > > - You do not have the permissions to request certificates from the
>> > > available
>> > > CAs.
>> > >
>> > > I'm having this problem on my notebook (using my account and also as
>> > > administrator), the SBS2003 is the CA. When I do this on another
>> > > (desktop)
>> > > PC
>> > > with the same credentials it works OK.
>> > >
>> > > Any ideas on how to solve this problem? My notebook has been used
>> > > outside
>> > > and has swapped domains, it is now back in my domain but it is still
>> > > looking
>> > > for CAs in the other domain? Don't know if this matters, really? In
>> > > fact I
>> > > have no clue about what's going on here.
>> > >
>> > > Suggestions on this matter are highly appreciated...
>> > > Ivo
>> >
>> >
>> >
February 21, 2005 5:45:02 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

yes I tried (am trying, will continue to try) to get the machine cert via the
MMC.
I could not find a way to obtain it through the web interface and I
understand from your answer that it is indeed not possible.
So my problem is with manual cert request via the MMC.

Why me?
Ivo

"Mark Gamache" wrote:

> have you tried to get the machine cert via the MMC? I'm pretty sure you
> can't get it through the web interface.
>
> Cheers,
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
>
>
> "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> news:D 179939B-CFB2-48C3-96DF-2AF2369A6BA2@microsoft.com...
> > I'm still strugling with this problem...
> > It's linked to my notebook, a PC in the same network can request the
> > certificates (machine and user) all right. When I bring my notebook to
> > another domain, I have the same error message.
> > Contrary to what I stated earlier, I can install the certificate from the
> > web interface (//servername/certsrv) but this allows me to install the
> > user
> > certificates only, I don't see how I can select the machine certificate
> > using
> > the web interface.
> > So "the CA is definitely started" and I'm logged on as domain (and
> > therefore
> > local machine) admin so it cannot be that I do not have the necessary
> > rights.
> >
> > So what's wrong with my notebook reaction to certificates.
> > It's running XP SP2 and the domain server is SBS2K3 on my home system and
> > SBS2K where I ran the tests this afternoon.
> >
> > Any suggestions are very much welcome!
> > Ivo
> > "Ivo" wrote:
> >
> >> A manual request.
> >> Tried to obtain it with a web interface too (something like
> >> \\server\certsrv) but there was a similar error.
> >>
> >> "Mark Gamache" wrote:
> >>
> >> > Is this a manual request or auto-enrolment?
> >> >
> >> > --
> >> > Mark Gamache
> >> > Certified Security Solutions
> >> > http://www.css-security.com
> >> >
> >> >
> >> >
> >> > "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> >> > news:99076B84-579A-4A24-8165-C4DB4278ED59@microsoft.com...
> >> > >I keep getting the messag: The certificate request failed because one
> >> > >of
> >> > >the
> >> > > following conditions:
> >> > > - The certificate request was submitted to a Certification Authority
> >> > > (CA)
> >> > > that is not started. (OR)
> >> > > - You do not have the permissions to request certificates from the
> >> > > available
> >> > > CAs.
> >> > >
> >> > > I'm having this problem on my notebook (using my account and also as
> >> > > administrator), the SBS2003 is the CA. When I do this on another
> >> > > (desktop)
> >> > > PC
> >> > > with the same credentials it works OK.
> >> > >
> >> > > Any ideas on how to solve this problem? My notebook has been used
> >> > > outside
> >> > > and has swapped domains, it is now back in my domain but it is still
> >> > > looking
> >> > > for CAs in the other domain? Don't know if this matters, really? In
> >> > > fact I
> >> > > have no clue about what's going on here.
> >> > >
> >> > > Suggestions on this matter are highly appreciated...
> >> > > Ivo
> >> >
> >> >
> >> >
>
>
>
Anonymous
February 21, 2005 6:02:15 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

are you an administrator on the client machine?

--
Mark Gamache
Certified Security Solutions
http://www.css-security.com



"Ivo" <Ivo@discussions.microsoft.com> wrote in message
news:7CFEDCC1-EA8C-4F96-90EC-9025191E0515@microsoft.com...
> yes I tried (am trying, will continue to try) to get the machine cert via
> the
> MMC.
> I could not find a way to obtain it through the web interface and I
> understand from your answer that it is indeed not possible.
> So my problem is with manual cert request via the MMC.
>
> Why me?
> Ivo
>
> "Mark Gamache" wrote:
>
>> have you tried to get the machine cert via the MMC? I'm pretty sure you
>> can't get it through the web interface.
>>
>> Cheers,
>>
>> --
>> Mark Gamache
>> Certified Security Solutions
>> http://www.css-security.com
>>
>>
>>
>> "Ivo" <Ivo@discussions.microsoft.com> wrote in message
>> news:D 179939B-CFB2-48C3-96DF-2AF2369A6BA2@microsoft.com...
>> > I'm still strugling with this problem...
>> > It's linked to my notebook, a PC in the same network can request the
>> > certificates (machine and user) all right. When I bring my notebook to
>> > another domain, I have the same error message.
>> > Contrary to what I stated earlier, I can install the certificate from
>> > the
>> > web interface (//servername/certsrv) but this allows me to install the
>> > user
>> > certificates only, I don't see how I can select the machine certificate
>> > using
>> > the web interface.
>> > So "the CA is definitely started" and I'm logged on as domain (and
>> > therefore
>> > local machine) admin so it cannot be that I do not have the necessary
>> > rights.
>> >
>> > So what's wrong with my notebook reaction to certificates.
>> > It's running XP SP2 and the domain server is SBS2K3 on my home system
>> > and
>> > SBS2K where I ran the tests this afternoon.
>> >
>> > Any suggestions are very much welcome!
>> > Ivo
>> > "Ivo" wrote:
>> >
>> >> A manual request.
>> >> Tried to obtain it with a web interface too (something like
>> >> \\server\certsrv) but there was a similar error.
>> >>
>> >> "Mark Gamache" wrote:
>> >>
>> >> > Is this a manual request or auto-enrolment?
>> >> >
>> >> > --
>> >> > Mark Gamache
>> >> > Certified Security Solutions
>> >> > http://www.css-security.com
>> >> >
>> >> >
>> >> >
>> >> > "Ivo" <Ivo@discussions.microsoft.com> wrote in message
>> >> > news:99076B84-579A-4A24-8165-C4DB4278ED59@microsoft.com...
>> >> > >I keep getting the messag: The certificate request failed because
>> >> > >one
>> >> > >of
>> >> > >the
>> >> > > following conditions:
>> >> > > - The certificate request was submitted to a Certification
>> >> > > Authority
>> >> > > (CA)
>> >> > > that is not started. (OR)
>> >> > > - You do not have the permissions to request certificates from the
>> >> > > available
>> >> > > CAs.
>> >> > >
>> >> > > I'm having this problem on my notebook (using my account and also
>> >> > > as
>> >> > > administrator), the SBS2003 is the CA. When I do this on another
>> >> > > (desktop)
>> >> > > PC
>> >> > > with the same credentials it works OK.
>> >> > >
>> >> > > Any ideas on how to solve this problem? My notebook has been used
>> >> > > outside
>> >> > > and has swapped domains, it is now back in my domain but it is
>> >> > > still
>> >> > > looking
>> >> > > for CAs in the other domain? Don't know if this matters, really?
>> >> > > In
>> >> > > fact I
>> >> > > have no clue about what's going on here.
>> >> > >
>> >> > > Suggestions on this matter are highly appreciated...
>> >> > > Ivo
>> >> >
>> >> >
>> >> >
>>
>>
>>
February 21, 2005 6:11:04 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

yes, Domain Administrator and ivo are members of the local Administrators on
the client machine.

"Mark Gamache" wrote:

> are you an administrator on the client machine?
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
>
>
> "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> news:7CFEDCC1-EA8C-4F96-90EC-9025191E0515@microsoft.com...
> > yes I tried (am trying, will continue to try) to get the machine cert via
> > the
> > MMC.
> > I could not find a way to obtain it through the web interface and I
> > understand from your answer that it is indeed not possible.
> > So my problem is with manual cert request via the MMC.
> >
> > Why me?
> > Ivo
> >
> > "Mark Gamache" wrote:
> >
> >> have you tried to get the machine cert via the MMC? I'm pretty sure you
> >> can't get it through the web interface.
> >>
> >> Cheers,
> >>
> >> --
> >> Mark Gamache
> >> Certified Security Solutions
> >> http://www.css-security.com
> >>
> >>
> >>
> >> "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> >> news:D 179939B-CFB2-48C3-96DF-2AF2369A6BA2@microsoft.com...
> >> > I'm still strugling with this problem...
> >> > It's linked to my notebook, a PC in the same network can request the
> >> > certificates (machine and user) all right. When I bring my notebook to
> >> > another domain, I have the same error message.
> >> > Contrary to what I stated earlier, I can install the certificate from
> >> > the
> >> > web interface (//servername/certsrv) but this allows me to install the
> >> > user
> >> > certificates only, I don't see how I can select the machine certificate
> >> > using
> >> > the web interface.
> >> > So "the CA is definitely started" and I'm logged on as domain (and
> >> > therefore
> >> > local machine) admin so it cannot be that I do not have the necessary
> >> > rights.
> >> >
> >> > So what's wrong with my notebook reaction to certificates.
> >> > It's running XP SP2 and the domain server is SBS2K3 on my home system
> >> > and
> >> > SBS2K where I ran the tests this afternoon.
> >> >
> >> > Any suggestions are very much welcome!
> >> > Ivo
> >> > "Ivo" wrote:
> >> >
> >> >> A manual request.
> >> >> Tried to obtain it with a web interface too (something like
> >> >> \\server\certsrv) but there was a similar error.
> >> >>
> >> >> "Mark Gamache" wrote:
> >> >>
> >> >> > Is this a manual request or auto-enrolment?
> >> >> >
> >> >> > --
> >> >> > Mark Gamache
> >> >> > Certified Security Solutions
> >> >> > http://www.css-security.com
> >> >> >
> >> >> >
> >> >> >
> >> >> > "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> >> >> > news:99076B84-579A-4A24-8165-C4DB4278ED59@microsoft.com...
> >> >> > >I keep getting the messag: The certificate request failed because
> >> >> > >one
> >> >> > >of
> >> >> > >the
> >> >> > > following conditions:
> >> >> > > - The certificate request was submitted to a Certification
> >> >> > > Authority
> >> >> > > (CA)
> >> >> > > that is not started. (OR)
> >> >> > > - You do not have the permissions to request certificates from the
> >> >> > > available
> >> >> > > CAs.
> >> >> > >
> >> >> > > I'm having this problem on my notebook (using my account and also
> >> >> > > as
> >> >> > > administrator), the SBS2003 is the CA. When I do this on another
> >> >> > > (desktop)
> >> >> > > PC
> >> >> > > with the same credentials it works OK.
> >> >> > >
> >> >> > > Any ideas on how to solve this problem? My notebook has been used
> >> >> > > outside
> >> >> > > and has swapped domains, it is now back in my domain but it is
> >> >> > > still
> >> >> > > looking
> >> >> > > for CAs in the other domain? Don't know if this matters, really?
> >> >> > > In
> >> >> > > fact I
> >> >> > > have no clue about what's going on here.
> >> >> > >
> >> >> > > Suggestions on this matter are highly appreciated...
> >> >> > > Ivo
> >> >> >
> >> >> >
> >> >> >
> >>
> >>
> >>
>
>
>
Anonymous
February 21, 2005 6:38:50 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

I'm a bit confused. You referenced another domain or something to that
effect. To be clear, is the laptop a member of the same domain as the CA?
Have you turned on all of the CA auditing and checked the logs?

Cheers,

--
Mark Gamache
Certified Security Solutions
http://www.css-security.com



"Ivo" <Ivo@discussions.microsoft.com> wrote in message
news:5E5D8B80-FFA9-4B30-AED9-52DCD6B24BA1@microsoft.com...
> yes, Domain Administrator and ivo are members of the local Administrators
> on
> the client machine.
>
> "Mark Gamache" wrote:
>
>> are you an administrator on the client machine?
>>
>> --
>> Mark Gamache
>> Certified Security Solutions
>> http://www.css-security.com
>>
>>
>>
>> "Ivo" <Ivo@discussions.microsoft.com> wrote in message
>> news:7CFEDCC1-EA8C-4F96-90EC-9025191E0515@microsoft.com...
>> > yes I tried (am trying, will continue to try) to get the machine cert
>> > via
>> > the
>> > MMC.
>> > I could not find a way to obtain it through the web interface and I
>> > understand from your answer that it is indeed not possible.
>> > So my problem is with manual cert request via the MMC.
>> >
>> > Why me?
>> > Ivo
>> >
>> > "Mark Gamache" wrote:
>> >
>> >> have you tried to get the machine cert via the MMC? I'm pretty sure
>> >> you
>> >> can't get it through the web interface.
>> >>
>> >> Cheers,
>> >>
>> >> --
>> >> Mark Gamache
>> >> Certified Security Solutions
>> >> http://www.css-security.com
>> >>
>> >>
>> >>
>> >> "Ivo" <Ivo@discussions.microsoft.com> wrote in message
>> >> news:D 179939B-CFB2-48C3-96DF-2AF2369A6BA2@microsoft.com...
>> >> > I'm still strugling with this problem...
>> >> > It's linked to my notebook, a PC in the same network can request the
>> >> > certificates (machine and user) all right. When I bring my notebook
>> >> > to
>> >> > another domain, I have the same error message.
>> >> > Contrary to what I stated earlier, I can install the certificate
>> >> > from
>> >> > the
>> >> > web interface (//servername/certsrv) but this allows me to install
>> >> > the
>> >> > user
>> >> > certificates only, I don't see how I can select the machine
>> >> > certificate
>> >> > using
>> >> > the web interface.
>> >> > So "the CA is definitely started" and I'm logged on as domain (and
>> >> > therefore
>> >> > local machine) admin so it cannot be that I do not have the
>> >> > necessary
>> >> > rights.
>> >> >
>> >> > So what's wrong with my notebook reaction to certificates.
>> >> > It's running XP SP2 and the domain server is SBS2K3 on my home
>> >> > system
>> >> > and
>> >> > SBS2K where I ran the tests this afternoon.
>> >> >
>> >> > Any suggestions are very much welcome!
>> >> > Ivo
>> >> > "Ivo" wrote:
>> >> >
>> >> >> A manual request.
>> >> >> Tried to obtain it with a web interface too (something like
>> >> >> \\server\certsrv) but there was a similar error.
>> >> >>
>> >> >> "Mark Gamache" wrote:
>> >> >>
>> >> >> > Is this a manual request or auto-enrolment?
>> >> >> >
>> >> >> > --
>> >> >> > Mark Gamache
>> >> >> > Certified Security Solutions
>> >> >> > http://www.css-security.com
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > "Ivo" <Ivo@discussions.microsoft.com> wrote in message
>> >> >> > news:99076B84-579A-4A24-8165-C4DB4278ED59@microsoft.com...
>> >> >> > >I keep getting the messag: The certificate request failed
>> >> >> > >because
>> >> >> > >one
>> >> >> > >of
>> >> >> > >the
>> >> >> > > following conditions:
>> >> >> > > - The certificate request was submitted to a Certification
>> >> >> > > Authority
>> >> >> > > (CA)
>> >> >> > > that is not started. (OR)
>> >> >> > > - You do not have the permissions to request certificates from
>> >> >> > > the
>> >> >> > > available
>> >> >> > > CAs.
>> >> >> > >
>> >> >> > > I'm having this problem on my notebook (using my account and
>> >> >> > > also
>> >> >> > > as
>> >> >> > > administrator), the SBS2003 is the CA. When I do this on
>> >> >> > > another
>> >> >> > > (desktop)
>> >> >> > > PC
>> >> >> > > with the same credentials it works OK.
>> >> >> > >
>> >> >> > > Any ideas on how to solve this problem? My notebook has been
>> >> >> > > used
>> >> >> > > outside
>> >> >> > > and has swapped domains, it is now back in my domain but it is
>> >> >> > > still
>> >> >> > > looking
>> >> >> > > for CAs in the other domain? Don't know if this matters,
>> >> >> > > really?
>> >> >> > > In
>> >> >> > > fact I
>> >> >> > > have no clue about what's going on here.
>> >> >> > >
>> >> >> > > Suggestions on this matter are highly appreciated...
>> >> >> > > Ivo
>> >> >> >
>> >> >> >
>> >> >> >
>> >>
>> >>
>> >>
>>
>>
>>
February 21, 2005 6:53:04 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Sorry for the confusion. I simply wanted to report that I used my notebook on
two sites, two domain and that the error was the same. In both cases, the
notebook was introduced into the domain and a user with local administrator
rights was doing the mmc certificate request. In one of these domains, i.e.
my home domain (with SBS2003 domain server and root CA), I did the same
actions on another PC and there was no problem, so I guess teh problem must
be related to my notebook.
I have not turned on all of the CA auditing nor dit I check the logs until
now. And it's bed time now.
Many thanks for talking with me, I will search into the logs,
Ivo

"Mark Gamache" wrote:

> I'm a bit confused. You referenced another domain or something to that
> effect. To be clear, is the laptop a member of the same domain as the CA?
> Have you turned on all of the CA auditing and checked the logs?
>
> Cheers,
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
>
>
> "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> news:5E5D8B80-FFA9-4B30-AED9-52DCD6B24BA1@microsoft.com...
> > yes, Domain Administrator and ivo are members of the local Administrators
> > on
> > the client machine.
> >
> > "Mark Gamache" wrote:
> >
> >> are you an administrator on the client machine?
> >>
> >> --
> >> Mark Gamache
> >> Certified Security Solutions
> >> http://www.css-security.com
> >>
> >>
> >>
> >> "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> >> news:7CFEDCC1-EA8C-4F96-90EC-9025191E0515@microsoft.com...
> >> > yes I tried (am trying, will continue to try) to get the machine cert
> >> > via
> >> > the
> >> > MMC.
> >> > I could not find a way to obtain it through the web interface and I
> >> > understand from your answer that it is indeed not possible.
> >> > So my problem is with manual cert request via the MMC.
> >> >
> >> > Why me?
> >> > Ivo
> >> >
> >> > "Mark Gamache" wrote:
> >> >
> >> >> have you tried to get the machine cert via the MMC? I'm pretty sure
> >> >> you
> >> >> can't get it through the web interface.
> >> >>
> >> >> Cheers,
> >> >>
> >> >> --
> >> >> Mark Gamache
> >> >> Certified Security Solutions
> >> >> http://www.css-security.com
> >> >>
> >> >>
> >> >>
> >> >> "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> >> >> news:D 179939B-CFB2-48C3-96DF-2AF2369A6BA2@microsoft.com...
> >> >> > I'm still strugling with this problem...
> >> >> > It's linked to my notebook, a PC in the same network can request the
> >> >> > certificates (machine and user) all right. When I bring my notebook
> >> >> > to
> >> >> > another domain, I have the same error message.
> >> >> > Contrary to what I stated earlier, I can install the certificate
> >> >> > from
> >> >> > the
> >> >> > web interface (//servername/certsrv) but this allows me to install
> >> >> > the
> >> >> > user
> >> >> > certificates only, I don't see how I can select the machine
> >> >> > certificate
> >> >> > using
> >> >> > the web interface.
> >> >> > So "the CA is definitely started" and I'm logged on as domain (and
> >> >> > therefore
> >> >> > local machine) admin so it cannot be that I do not have the
> >> >> > necessary
> >> >> > rights.
> >> >> >
> >> >> > So what's wrong with my notebook reaction to certificates.
> >> >> > It's running XP SP2 and the domain server is SBS2K3 on my home
> >> >> > system
> >> >> > and
> >> >> > SBS2K where I ran the tests this afternoon.
> >> >> >
> >> >> > Any suggestions are very much welcome!
> >> >> > Ivo
> >> >> > "Ivo" wrote:
> >> >> >
> >> >> >> A manual request.
> >> >> >> Tried to obtain it with a web interface too (something like
> >> >> >> \\server\certsrv) but there was a similar error.
> >> >> >>
> >> >> >> "Mark Gamache" wrote:
> >> >> >>
> >> >> >> > Is this a manual request or auto-enrolment?
> >> >> >> >
> >> >> >> > --
> >> >> >> > Mark Gamache
> >> >> >> > Certified Security Solutions
> >> >> >> > http://www.css-security.com
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> >> >> >> > news:99076B84-579A-4A24-8165-C4DB4278ED59@microsoft.com...
> >> >> >> > >I keep getting the messag: The certificate request failed
> >> >> >> > >because
> >> >> >> > >one
> >> >> >> > >of
> >> >> >> > >the
> >> >> >> > > following conditions:
> >> >> >> > > - The certificate request was submitted to a Certification
> >> >> >> > > Authority
> >> >> >> > > (CA)
> >> >> >> > > that is not started. (OR)
> >> >> >> > > - You do not have the permissions to request certificates from
> >> >> >> > > the
> >> >> >> > > available
> >> >> >> > > CAs.
> >> >> >> > >
> >> >> >> > > I'm having this problem on my notebook (using my account and
> >> >> >> > > also
> >> >> >> > > as
> >> >> >> > > administrator), the SBS2003 is the CA. When I do this on
> >> >> >> > > another
> >> >> >> > > (desktop)
> >> >> >> > > PC
> >> >> >> > > with the same credentials it works OK.
> >> >> >> > >
> >> >> >> > > Any ideas on how to solve this problem? My notebook has been
> >> >> >> > > used
> >> >> >> > > outside
> >> >> >> > > and has swapped domains, it is now back in my domain but it is
> >> >> >> > > still
> >> >> >> > > looking
> >> >> >> > > for CAs in the other domain? Don't know if this matters,
> >> >> >> > > really?
> >> >> >> > > In
> >> >> >> > > fact I
> >> >> >> > > have no clue about what's going on here.
> >> >> >> > >
> >> >> >> > > Suggestions on this matter are highly appreciated...
> >> >> >> > > Ivo
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
February 22, 2005 9:45:02 AM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

The MMC manual request keeps failing (same error messages as reported
earlier). And I found following event in the Application Event on my
notebook, the autoenrollment of the computer network also fails. The notebook
is connected on the wired LAN and works fine except for this issue.

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Date: 22/02/2005
Time: 11:36:15
User: N/A
Computer: TM803LMI
Description:
Automatic certificate enrollment for local system failed to enroll for one
Computer certificate (0x80070005). Access is denied.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Anonymous
February 22, 2005 11:45:53 AM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

I'd double check that your computer account has read and enroll permissions
for the cert. It seems that your computer doesn't have the rights to enroll
for the cert. Is the laptop running a server OS?

Cheers,

--
Mark Gamache
Certified Security Solutions
http://www.css-security.com



"Ivo" <Ivo@discussions.microsoft.com> wrote in message
news:280A9C7A-0804-497E-A683-2D537D204749@microsoft.com...
> The MMC manual request keeps failing (same error messages as reported
> earlier). And I found following event in the Application Event on my
> notebook, the autoenrollment of the computer network also fails. The
> notebook
> is connected on the wired LAN and works fine except for this issue.
>
> Event Type: Error
> Event Source: AutoEnrollment
> Event Category: None
> Event ID: 13
> Date: 22/02/2005
> Time: 11:36:15
> User: N/A
> Computer: TM803LMI
> Description:
> Automatic certificate enrollment for local system failed to enroll for one
> Computer certificate (0x80070005). Access is denied.
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
February 22, 2005 12:45:02 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Interesting remark, the laptop just joined the domain, that's all. Just like
another PC and that one can do MMC manual certificate requests all right. The
laptop is running Windows XP Professional Service Pack 2 (like the other PC).
Where can I check these permissions?

Thanks, Ivo

"Mark Gamache" wrote:

> I'd double check that your computer account has read and enroll permissions
> for the cert. It seems that your computer doesn't have the rights to enroll
> for the cert. Is the laptop running a server OS?
>
> Cheers,
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
Anonymous
February 22, 2005 1:08:08 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Try this http://support.microsoft.com/kb/239452/EN-US/

The scenario is slightly different, but I think the cause and resolution may
match your situation. The access denies appears to be access tot he CA or
its templates. Its clear that you have access to the resources on your
laptop.

--
Mark Gamache
Certified Security Solutions
http://www.css-security.com



"Ivo" <Ivo@discussions.microsoft.com> wrote in message
news:3983BA5A-A179-4BBA-9909-485CB953B1BD@microsoft.com...
> Interesting remark, the laptop just joined the domain, that's all. Just
> like
> another PC and that one can do MMC manual certificate requests all right.
> The
> laptop is running Windows XP Professional Service Pack 2 (like the other
> PC).
> Where can I check these permissions?
>
> Thanks, Ivo
>
> "Mark Gamache" wrote:
>
>> I'd double check that your computer account has read and enroll
>> permissions
>> for the cert. It seems that your computer doesn't have the rights to
>> enroll
>> for the cert. Is the laptop running a server OS?
>>
>> Cheers,
>>
>> --
>> Mark Gamache
>> Certified Security Solutions
>> http://www.css-security.com
February 22, 2005 6:21:02 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Interestint that you managed to find the article with the exact error code,
it's for use wit W2K though and at home I have a W2K3 SBS.
I followed the KB article:

Grant Read and Enroll access for the template to the appropriate user or
group by using the Sites and Services snap-in. You can set the access rights
on the Security tab by expanding the following items: Services, Public Key
Services, Certificate Templates.
Note that the Show Services Node check box must be selected on the View
menu to see the Services tab.

I added the right to the following template: MachineEnrollmentAgent
Properties, so Domain Computers, were added with Read & Enroll Allowed.

I stopped and restarted the Certification Service on the server, restarted
the laptop but the auto enrollment error reappeard. I did a gpupdate /force
on the laptop and restarted the laptop but alas.

Regards, Ivo

"Mark Gamache" wrote:

> Try this http://support.microsoft.com/kb/239452/EN-US/
>
> The scenario is slightly different, but I think the cause and resolution may
> match your situation. The access denies appears to be access tot he CA or
> its templates. Its clear that you have access to the resources on your
> laptop.
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
>
>
> "Ivo" <Ivo@discussions.microsoft.com> wrote in message
> news:3983BA5A-A179-4BBA-9909-485CB953B1BD@microsoft.com...
> > Interesting remark, the laptop just joined the domain, that's all. Just
> > like
> > another PC and that one can do MMC manual certificate requests all right.
> > The
> > laptop is running Windows XP Professional Service Pack 2 (like the other
> > PC).
> > Where can I check these permissions?
> >
> > Thanks, Ivo
> >
> > "Mark Gamache" wrote:
> >
> >> I'd double check that your computer account has read and enroll
> >> permissions
> >> for the cert. It seems that your computer doesn't have the rights to
> >> enroll
> >> for the cert. Is the laptop running a server OS?
> >>
> >> Cheers,
> >>
> >> --
> >> Mark Gamache
> >> Certified Security Solutions
> >> http://www.css-security.com
>
>
>
February 22, 2005 6:27:03 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

I checked on the problem free PC (the one that can do manual MMC certificate
requests) for autoenrollment error in the Application Event... and this one
has problems with autoenrollment too, although the error code is different.

When I do a manual MMC certificate request as domain administrator on the
laptop (see earlier messages), then I should have enough rights to do that,
and computer rights should not play a role, different from autoenrollment.

I would be happy to do a successful manual MMC certification request...

Regards,
Ivo


Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 15/02/2005
Time: 21:56:29
User: N/A
Computer: DX6100MT
Description:
Automatic certificate enrollment for local system failed to contact the
active directory (0x8007003a). The specified server cannot perform the
requested operation.
Enrollment will not be performed.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Anonymous
February 23, 2005 4:08:38 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Are you able to get any certs form the CA?? You may want to try
certutil -ping and certutil -catemplates and certutil -entinfo

it seems like that error is related to not being able to get the CA info
from AD. It may also be having trouble getting to AD. I'd verify that the
client is functioning in all other respects.

Cheers,



--
Mark Gamache
Certified Security Solutions
http://www.css-security.com



"Ivo" <Ivo@discussions.microsoft.com> wrote in message
news:4C1164FC-998C-4C8A-BCDD-6486A80EE122@microsoft.com...
>I checked on the problem free PC (the one that can do manual MMC
>certificate
> requests) for autoenrollment error in the Application Event... and this
> one
> has problems with autoenrollment too, although the error code is
> different.
>
> When I do a manual MMC certificate request as domain administrator on the
> laptop (see earlier messages), then I should have enough rights to do
> that,
> and computer rights should not play a role, different from autoenrollment.
>
> I would be happy to do a successful manual MMC certification request...
>
> Regards,
> Ivo
>
>
> Event Type: Error
> Event Source: AutoEnrollment
> Event Category: None
> Event ID: 15
> Date: 15/02/2005
> Time: 21:56:29
> User: N/A
> Computer: DX6100MT
> Description:
> Automatic certificate enrollment for local system failed to contact the
> active directory (0x8007003a). The specified server cannot perform the
> requested operation.
> Enrollment will not be performed.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
!