locked
Cannot Install Computer Certificate on Windows XP RRS feed

  • Question

  • I am attempting to install a certificate for use with our L2TP/IPSec VPN.  I upgraded the CA a couple of months ago to work with Vista according to KB922706.  At that point I started getting errors when attempting to install certificates on

    Windows XP machines.  The install process didn't even work for Windows Vista, so the whole upgrade process became a downgrade process.  Now I could not install any certificates on any platform.

     

    Yesterday, I installed the hotfix from http://www.microsoft.com/downloads/details.aspx?FamilyId=FFAEC8B2-99E0-427A-8110-2F745059A02D&displaylang=en, so now the process completes without error, buit I still don't get the certificate installed.

     

    When I try to use my CA (Windows Server 2003) to web enroll a Windows XP machine the process completes without errors, I see the certificate in the CA snap-in, but the certificate is nowhere to be found on the client.

     

    When I try to use another server (Windows Server 2008) to web enroll using the same CA (Windows Server 2003) I get the following error:

     

    Request Mode: newreq - New Request
    Disposition: (never set)
    Disposition message: (none)
    Result: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
    COM Error Info: CCertRequest:: Submit: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
    LastStatus: The operation completed successfully. 0x0 (WIN32: 0)
    Suggested Cause: This error can occur if the Certification Authority Service has not been started.

     

    Certainly, the CA is running.  The machines can talk to each other (PING and netdiag).  I don't need to use the Windows Server 2008 necessarily to get the certificate if I could get the original server actually hosting the CA to work.

     

    Where does the certificate go if it actually installed?  What is causing the error on the Windows Server 2008 web enroll server?

     

    Thanks!

    Thursday, March 13, 2008 3:43 PM

Answers

  • Hi Thomas,

     

    Please understand to provide efficient and accurate services, Microsoft has different support groups for different products. Regarding the issue that all the client computers fail to obtain certificate from the CA server (Windows Server 2003). I suggest submitting it to Windows server 2003 Newsgroup. The support professionals there are better qualified to assist you.

     

    For your convenience, I’ve included the link of Windows Server 2003 Newsgroup:

    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.active_directory&cat=en_US_09e458e2-5a48-4d89-a40f-847f472bc08e&lang=en&cr=US

     

    In addition, I suggest checking if there is any firewall/antivirus program installed and enabled on the CA server. If so, please temporarily uninstall/disable them to check the result because the issue can occur if the related ports are blocked by the filter drivers.

     

    Hope it helps.

     

    Monday, March 17, 2008 9:13 AM
    Moderator