locked
Active Directory Certificate Authority - No Templates found error when accessing CertSrv site RRS feed

  • General discussion

  • Hey everyone,

    I'm working on creating a Certificate Authority in Active Directory.

    My basic architecture is attached below.

    Overview of my current setup:
     - AD is set up so the hostnames and FQDN's of each server can ping.
     - the Root and Intermediate are not domain joined but the Signer is domain joined.
     - The Root and Intermediate will be turned off once they are put into production.
     - Root expiration is 20 years
     - Intermediate expiration is 10 years
     - Signer expiration is 5 years
     - The Root CA has issued a certificate for the Intermediate CA and the Intermediate CA has issued a certificate for the signer.
     - On the signer, i currently have all of AD's Certificate services installed and configured
       - Certificate Authority
       - Certificate Enrollment Policy Web Service
       - Certificate Enrollment Web Service
       - Certificate Authority Web Enrollment Service
       - Network Device Enrollment Service

      - Online Responder

    Issue:

    The issue I have is with the CertSrv site used to request certificates.

    I'm logging in to the CertSrv using a system account the belongs to the groups: Administrators, Domain Admins, Enterprise Admins, and IIS_IUSRS.

    When I go to request a certificate in the CertSrv site, none of the certificate templates show and it returns a "No templates can be found error".

    However, I did create and issue a Web Server duplicate certificate and made sure that my system account had at least Read and Enroll permissions and that the Subject Name is set to Supply in the Request. This duplicate certificate now shows in the CertSrv but none of the default issued certificate templates show.

    Any ideas on what the cause behind this issue could be or on what configurations i can double check?

    Thanks in advance!

    - Eric

    Wednesday, November 15, 2017 3:49 PM