none
AD Certificate Services WEB Service. Certificate Templates not found.

    Pregunta

  • Hello guys, I have installed AD Certificate Services along with WEB service as Enterprise CA server. It seems to work fine from management console, I've even enrolled a certificate for IIS.

    I need to enroll a certificate for SCCM, so I've created a certificate template as written at Technet step-by-step guide, then I've copied it to templates and it's visible through mmc snapin along with default templates, I've set permissions to that template for my AD account.

    After that I tried to issue a certificate request through WEB interface, http://<server>/certSrv/, it asked for password, I entered damain admin password and got an error: "Templates not found or you don't have permissions to issue certificate request or Active Directory error occured" (that's a translation, so might be not very accurate).

    Probably that's something related to IIS?

    So maybe someone has ideas where to look for solution?

    Thanks in advance!

    lunes, 19 de diciembre de 2011 5:47

Todas las respuestas

  • Hello guys, I have installed AD Certificate Services along with WEB service as Enterprise CA server. It seems to work fine from management console, I've even enrolled a certificate for IIS.

    I need to enroll a certificate for SCCM, so I've created a certificate template as written at Technet step-by-step guide, then I've copied it to templates and it's visible through mmc snapin along with default templates, I've set permissions to that template for my AD account.

    After that I tried to issue a certificate request through WEB interface, http://<server>/certSrv/, it asked for password, I entered damain admin password and got an error: "Templates not found or you don't have permissions to issue certificate request or Active Directory error occured" (that's a translation, so might be not very accurate).

    Probably that's something related to IIS?

    So maybe someone has ideas where to look for solution?

    Thanks in advance!

    lunes, 19 de diciembre de 2011 8:46
  • Hi Dmitri

    Are you using Windows 2008R2? On the SCCM template assign the Enterpise CA Server enroll permissions ($Servername)

    Should be visible in a short while ..


    Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent | ADRMS Wiki Portal: Technet Wiki

    lunes, 19 de diciembre de 2011 13:19
  • Thanks for reply, Adnan!

     

    But that's not the case :) My problem is that I cannot see certificate templates through WEB interface.

     

    martes, 20 de diciembre de 2011 8:51
  • hi 

    thats how you will see the template on the certsrv web site. you have assign the template permissons for the computer account of ca with enroll permissions


    Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent | ADRMS Wiki Portal: Technet Wiki

    martes, 20 de diciembre de 2011 9:00
  • Have a read thru the following link which has the steps for a simliar scenario

    Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent | ADRMS Wiki Portal: Technet Wiki

    martes, 20 de diciembre de 2011 9:52
  • Hi DmitriyPKCC,

     

    Thanks for posting here.

     

    Firstly, I’d like to confirm that if the error only occurs when user through Web enrollment page to request a certificate on a CA server. Did you try to logon Web enrollment on other member server? Do they get same errors? Meanwhile, please ensure the user logon to Web page has proper permission for CA template.

     

    In order to troubleshoot, please refer to the following KB article to resolve it:

     

    "No Certificate Templates Could Be Found" error message when a user requests certificate from CA Web enrollment pages

    http://support.microsoft.com/kb/811418

     

    In addition, you may also check the following articles to troubleshoot this issue:

     

    Troubleshoot Active Directory Certificate Services

    http://technet.microsoft.com/en-us/library/cc731429(WS.10).aspx#BKMK_5

     

    Issuing Certificates Based on Certificate Templates

    http://technet.microsoft.com/en-us/library/cc753452(WS.10).aspx

     

     

    Best Regards,

    Aiden

    miércoles, 21 de diciembre de 2011 10:31
    Moderador
  • Thanks for reply, Aiden!

    Of course, I've tried to issue a certificate using several computers and I have the same result "Templates not found".

    I forgot to say that I'm using Windows Server 2008 R2 Std. Not an enterprise.

    But, by default, there are some preconfigured templates available and they are set to be fully accessed by domain admin. Also I can request certificate from "Certificates" MMC snap-in, and it shows me my CA with available templates.

    I think that something might be wrong with IIS configuration hence it cannot look through AD, but it asks for my account/password and authenticates me through AD.

    So I don't get why I cannot get a certificate through WEB, but thanks anyway!

    P.S. I've read the KB articles you mentioned, that's not my case.

    Dmtiriy

    miércoles, 21 de diciembre de 2011 10:44
  • Hi Dmtiriy,

     

    Thanks for your update.

     

    From your description, I know that your issue is a new created template not showing up via web enrollment. But we can request this certificate from MMC.

     

    After some research, I found the issue was cause by the following:

    1) In certificate template Subject tab wasn’t switched to Supply in request.

    2) Certificate template was configured for validity greater than one year.

     

    When we change both settings, certificate template appears in Enrollment Web Pages.

     

    So please change the setting from “Build from this Active Directory information” to “Supply in the request” on the “Subject Name” tab of the certificate template. To see if this worked to make it visible via CertSrv.

     

     

    Best Regards,

    Aiden

    • Propuesto como respuesta Marmeks lunes, 09 de septiembre de 2013 12:30
    jueves, 22 de diciembre de 2011 3:19
    Moderador
  • Hi Dimitiriy

    Did you go thru the SCOM Link I provided earlier?

    Plus is your certificate templates versioned for Windows 2008 or Windows 2003?

    You should duplicate the template using  “Windows 2003 Server, Enterprise Edition " only.

    Can you enroll for the cert from the MMC on another server?


    Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent | ADRMS Wiki Portal: Technet Wiki

    jueves, 22 de diciembre de 2011 8:57
  • I ran into this issue lately as well. Turns out the issue in my case was the Authentication settings on a few virtual directories. Have a look at a blog post I wrote about it. Hopefully it helps you or others.

    http://patrickhoban.wordpress.com/2012/02/14/1256


    Patrick Hoban
    http://patrickhoban.wordpress.com

    domingo, 19 de febrero de 2012 16:19