Issue new certificate templates on CA Windows Server 2008


  • Hi,

    I am using Windows Server 2008 and I have installed two CAs on a cluster. When I try to issue new certificate templates on the CA I am getting the following error message:

    "The template information on the CA cannot be modified at this time. This is most likely because the CA service is not running or there are replication delays. Access is denied. 0x80070005 (WIN32: 5)
    The changes can be saved to Active Directory and retrieved by the CA next time it is started. Do you want to save the changes to Active Directory? Yes/No"

    I would like to know what is the cause of this message I am getting.

    Monday, May 25, 2009 4:55 PM

All replies

  • Hi,


    This issue may occur if the user account does not have Manage CA permission. To verify it, please refer to the following steps:


    1.    In the Certification Authority console, right-click CA Name and select Properties.

    2.    Select Security tab.

    3.    Verify that the user has been granted Manage CA permission.

    Wednesday, May 27, 2009 5:43 AM
  • Hi Joson,

    I do have Manage CA permission on the CA.
    Any other idea?

    Wednesday, May 27, 2009 8:33 PM
  • Hi Marcela, Did you solve this problem, if so what was the resolution? Best regards, Daniel
    Monday, January 3, 2011 11:02 AM
  • make sure if you have logged with DOMAIN user account.
    Monday, January 3, 2011 1:07 PM
  • Hi all,


    I am also facing the same problem. I ve logged into Domain Adminsitrator account which have Manage CA permission still facing the problem. Is there any solution for the above error.

    With Regards, S Prathaban
    Friday, September 23, 2011 11:49 AM
  • The problem is actual for me also. Does anyone know how to solve?
    Thursday, July 12, 2012 12:48 PM
  • I guess this was never answered. 

    Restart services

    Check Permissions

    Verify AD Replication

    David Jenkins

    Thursday, September 19, 2013 1:57 PM
  • I am facing the same issue, and I have the required permission...

    I am not sure why this service is not stable

    Thursday, September 21, 2017 7:07 AM
  • This is an old thread.  Originally this applied to "Windows Server 2008 and I have installed two CAs on a cluster."

    Is this the same configuration as you?

    I have seen this before, but this is often due to to a AD/CS CA (Enterprise) not yet running, or needs a few minutes to actually contact the AD configuration container and get a list of templates.  

    So, without having any more details, I could only offer general and obvious suggestions such as ensuring that the service is running, ensure you have Manage CA rights, make sure you are logged on with the account that has "Manage CA" rights. Perhaps a restart of the CA?

    Is the CA and PKI otherwise healthy?


    Thursday, September 21, 2017 1:07 PM
  • I just say yes.  I think most of the issue is replication.

    David Jenkins

    Tuesday, June 12, 2018 8:54 PM