 

Question: Error with CA then do pre-deployment steps

  • Wednesday, November 04, 2009 3:57 PM, Yaroslav Turbin
     
    Hello!
    I have a problem with the deployment of Mobile Device Manager.
    I have an offline root CA based on Windows Server 2003 and a clustered subordinate CA based on Windows Server 2008 Enterprise.

    When I prepare my infrastructure for MDM and run the command adconfig /enabletemplates, I see this error:

    [11/04/2009-21:41:20] DEBUG : Invoking RunDll with arguments "C:\MDM\adconfig\CertificateAuthorityPermissions_x64.dll",InstallCASecurity vcngsubca.vcng.ru vcngsubca01 S-1-5-21-676356331-940865192-3957312832-1127 S-1-5-21-676356331-940865192-3957312832-1128 S-1-5-21-676356331-940865192-3957312832-1122
    [11/04/2009-21:41:21] DEBUG : Rundll exited with error code -2147024891
    [11/04/2009-21:41:21] ERROR : Failed to add security on the vcngsubca.vcng.ru\\vcngsubca01 certification authority using trustee security identifier [S-1-5-21-676356331-940865192-3957312832-1127], and subject security identifier [S-1-5-21-676356331-940865192-3957312832-1128]. Error: Access is denied.
    [11/04/2009-21:41:21] DEBUG : Failed to add security on the vcngsubca.vcng.ru\\vcngsubca01 certification authority using trustee security identifier [S-1-5-21-676356331-940865192-3957312832-1127], and subject security identifier [S-1-5-21-676356331-940865192-3957312832-1128]. Error: System.ComponentModel.Win32Exception: Access is denied
       at Microsoft.MobileDeviceManager.InstanceManager.CertificateAuthoritySecurity.CallExportedNativeMethod(String nativedll, String methodName, String args, Boolean bReturnExitCode)
       at Microsoft.MobileDeviceManager.InstanceManager.CertificateAuthoritySecurity.AddSecurity(String certificationAuthority, IMDMProductInstance mdmInstance).
    [11/04/2009-21:41:21] ERROR : Errors occurred while configuring security on vcngsubca.vcng.ru\vcngsubca01 certification authority for MDM instance VCNGMobile.

    I checked this KB: http://support.microsoft.com/kb/927066/ and it did not help me.

    But then in the log I see:

    [11/04/2009-21:41:21] INFO : Using BindRoot LDAP://rootDSE
    [11/04/2009-21:41:21] DEBUG : Created directory entry for [DN=LDAP://rootDSE].
    [11/04/2009-21:41:21] DEBUG : Created directory entry for [DN=LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=vcng,DC=ru].
    [11/04/2009-21:41:21] DEBUG : Considering CA VCNGSubCA.vcng.ru\VCNGSubCA01. Check if CommonName is matching vcngsubca01
    [11/04/2009-21:41:21] DEBUG : Found CA vcngsubca.vcng.ru\vcngsubca01.
    [11/04/2009-21:41:21] DEBUG : Considering CA VCNGSubCA.vcng.ru\VCNGSubCA01.
    [11/04/2009-21:41:21] DEBUG : Found CA vcngsubca.vcng.ru\vcngsubca01.
    [11/04/2009-21:41:21] DEBUG : The vcngsubca.vcng.ru\vcngsubca01 certification authority has dNSHostName = VCNGSubCA.vcng.ru.
    [11/04/2009-21:41:21] DEBUG : Attempting to find the CERTSVC_DCOM_ACCESS group in the vcng.ru domain.
    [11/04/2009-21:41:21] INFO : Using BindRoot LDAP://vcng.ru/rootDSE
    [11/04/2009-21:41:21] DEBUG : Created directory entry for [DN=LDAP://vcng.ru/rootDSE].
    [11/04/2009-21:41:21] DEBUG : Created directory entry for [DN=LDAP://DC=vcng,DC=ru].
    [11/04/2009-21:41:21] DEBUG : Searching for well-known group using search filter [(&(samAccountName=CERTSVC_DCOM_ACCESS)(objectCategory=group))] and search root [LDAP://DC=vcng,DC=ru].
    [11/04/2009-21:41:21] INFO : Found no groups using search filter [(&(samAccountName=CERTSVC_DCOM_ACCESS)(objectCategory=group))] and search root [LDAP://DC=vcng,DC=ru].
    [11/04/2009-21:41:21] DEBUG : Did not find the CERTSVC_DCOM_ACCESS group in the vcng.ru domain.
    [11/04/2009-21:41:21] INFO : The CERTSVC_DCOM_ACCESS group does not exist in the domain for the vcngsubca.vcng.ru\vcngsubca01 certification authority.
    [11/04/2009-21:41:21] INFO :
    Result of AD Configuration Operation: Success

    And I don't understand: is the preconfiguration step normal or not?
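
A triage sketch for the log quoted above, added here as an example and not part of the original post or of MDM itself: it decodes the RunDll exit code as an HRESULT (-2147024891 is 0x80070005, Win32 facility, code 5, matching the "Access is denied" text) and flags a run whose final result line says Success while ERROR entries are present. The function names `decode_hresult` and `triage` are hypothetical, and the sample log is constructed from lines abridged from the post.

```python
import re

# Constructed sample: a few lines abridged from the log quoted in the post.
SAMPLE_LOG = r"""[11/04/2009-21:41:21] DEBUG : Rundll exited with error code -2147024891
[11/04/2009-21:41:21] ERROR : Errors occurred while configuring security on vcngsubca.vcng.ru\vcngsubca01 certification authority for MDM instance VCNGMobile.
[11/04/2009-21:41:21] INFO : The CERTSVC_DCOM_ACCESS group does not exist in the domain for the vcngsubca.vcng.ru\vcngsubca01 certification authority.
[11/04/2009-21:41:21] INFO :
Result of AD Configuration Operation: Success
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>[A-Z]+)\s*:\s*(?P<msg>.*)$")
EXIT_CODE = re.compile(r"exited with error code (-?\d+)")
SUCCESS = "Result of AD Configuration Operation: Success"

def decode_hresult(value):
    """Split a signed 32-bit exit code into its HRESULT fields."""
    u = value & 0xFFFFFFFF  # reinterpret the signed value as unsigned
    return {"hex": f"0x{u:08X}", "failure": bool(u >> 31),
            "facility": (u >> 16) & 0x7FF, "code": u & 0xFFFF}

def triage(text):
    """Group continuation lines into entries and summarize failures."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(m.groupdict())
        elif entries and line.strip():
            # Stack-trace or wrapped line: belongs to the previous entry.
            prev = entries[-1]
            prev["msg"] = (prev["msg"] + " " + line.strip()).strip()
    errors = [e for e in entries if e["level"] == "ERROR"]
    codes = [decode_hresult(int(m.group(1)))
             for e in entries for m in EXIT_CODE.finditer(e["msg"])]
    reported_success = any(SUCCESS in e["msg"] for e in entries)
    return {"errors": errors, "hresults": codes,
            "reported_success": reported_success,
            "success_despite_errors": reported_success and bool(errors)}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for h in report["hresults"]:
        print(h)
    print("ERROR entries:", len(report["errors"]))
    print("Success reported despite errors:", report["success_despite_errors"])
```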

All Replies