Error 0x80094001 while enrolling User Certificate

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I have W2K3 forest with two domains ad.test.com (forest root) and
sub.ad.test.com. I have Enterprise CA installed on server in sub.ad.test.com.
I modified Cert. Templates security to let users (ib sub domain) Enroll
certificates. I configured Computer certificate enrollment with GPO. Most of
comps get their certificate. But I cannot Enroll User Certificate using Web
or MMC. When I try I get:

"Certificate Services denied request 106 because The request subject name is
invalid or too long. 0x80094001 (-2146877439). The request was for
SUB\Administrator. Additional information: Error Constructing or Publishing
Certificate"
Still I can Enroll Basic EFS certificate.
Please Help!

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Does this happen for all user accounts and for both mmc and Web Enroll
request?? When you try Web Enrollment try both regular [user certificate]
first option and advanced request to see if it makes a difference. If
problems persist run the netdiag support tool on the computer making the
request from to make sure it can contact domain controller, has secure
channel, etc. --- Steve


"XRay" <XRay@discussions.microsoft.com> wrote in message
news:9013FEFA-D574-43C9-8FF1-388B616C8A18@microsoft.com...
>I have W2K3 forest with two domains ad.test.com (forest root) and
> sub.ad.test.com. I have Enterprise CA installed on server in
> sub.ad.test.com.
> I modified Cert. Templates security to let users (ib sub domain) Enroll
> certificates. I configured Computer certificate enrollment with GPO. Most
> of
> comps get their certificate. But I cannot Enroll User Certificate using
> Web
> or MMC. When I try I get:
>
> "Certificate Services denied request 106 because The request subject name
> is
> invalid or too long. 0x80094001 (-2146877439). The request was for
> SUB\Administrator. Additional information: Error Constructing or
> Publishing
> Certificate"
> Still I can Enroll Basic EFS certificate.
> Please Help!
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

As I said before I can enroll certificates such as: Basic EFS, Administrator,
Workstation Autentification through both web and mmc intefaces.

"Steven L Umbach" wrote:

> Does this happen for all user accounts and for both mmc and Web Enroll
> request?? When you try Web Enrollment try both regular [user certificate]
> first option and advanced request to see if it makes a difference. If
> problems persist run the netdiag support tool on the computer making the
> request from to make sure it can contact domain controller, has secure
> channel, etc. --- Steve
>
>
> "XRay" <XRay@discussions.microsoft.com> wrote in message
> news:9013FEFA-D574-43C9-8FF1-388B616C8A18@microsoft.com...
> >I have W2K3 forest with two domains ad.test.com (forest root) and
> > sub.ad.test.com. I have Enterprise CA installed on server in
> > sub.ad.test.com.
> > I modified Cert. Templates security to let users (ib sub domain) Enroll
> > certificates. I configured Computer certificate enrollment with GPO. Most
> > of
> > comps get their certificate. But I cannot Enroll User Certificate using
> > Web
> > or MMC. When I try I get:
> >
> > "Certificate Services denied request 106 because The request subject name
> > is
> > invalid or too long. 0x80094001 (-2146877439). The request was for
> > SUB\Administrator. Additional information: Error Constructing or
> > Publishing
> > Certificate"
> > Still I can Enroll Basic EFS certificate.
> > Please Help!
> >
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

If you were able to request and receive those certificates via mmc and on
the same computer it failed for user then what I would try is to enable
issuance of certificates for user signature and client authentication to try
and to request those on the same computer. If those certificates are able to
be issued I would try the same on a different computer for a different user
to see if the same happens. If it does there could be some sort of
corruption with the user certificate template. --- Steve


"XRay" <XRay@discussions.microsoft.com> wrote in message
news:C23DBECE-166F-446D-A5BF-2B2DEB35BD2C@microsoft.com...
> As I said before I can enroll certificates such as: Basic EFS,
> Administrator,
> Workstation Autentification through both web and mmc intefaces.
>
> "Steven L Umbach" wrote:
>
>> Does this happen for all user accounts and for both mmc and Web Enroll
>> request?? When you try Web Enrollment try both regular [user certificate]
>> first option and advanced request to see if it makes a difference. If
>> problems persist run the netdiag support tool on the computer making the
>> request from to make sure it can contact domain controller, has secure
>> channel, etc. --- Steve
>>
>>
>> "XRay" <XRay@discussions.microsoft.com> wrote in message
>> news:9013FEFA-D574-43C9-8FF1-388B616C8A18@microsoft.com...
>> >I have W2K3 forest with two domains ad.test.com (forest root) and
>> > sub.ad.test.com. I have Enterprise CA installed on server in
>> > sub.ad.test.com.
>> > I modified Cert. Templates security to let users (ib sub domain) Enroll
>> > certificates. I configured Computer certificate enrollment with GPO.
>> > Most
>> > of
>> > comps get their certificate. But I cannot Enroll User Certificate using
>> > Web
>> > or MMC. When I try I get:
>> >
>> > "Certificate Services denied request 106 because The request subject
>> > name
>> > is
>> > invalid or too long. 0x80094001 (-2146877439). The request was for
>> > SUB\Administrator. Additional information: Error Constructing or
>> > Publishing
>> > Certificate"
>> > Still I can Enroll Basic EFS certificate.
>> > Please Help!
>> >
>>
>>
>>

 

[Guest]

I had the same issue but found a fix here ... http://fir3net.com/Windows-2008/windows-2008-ca-error-constructing-or-publishing-certificate.html

Hope this helps..