none
MIM CM 2016 Portal Error accessing the when requesting certificate (CA is offlline) - missing rights RRS feed

  • Question

  • Hi

    I try for several days now to solve the problem, but I dont get it under control.

    MIM CM 2016 - Portal

    Everything adjusted and configured like described in

    https://docs.microsoft.com/de-de/microsoft-identity-manager/mim-cm-deploy

    also in English, to prevent translation errors.

    When I open a Internetexplorer, call the URL of the Portal (https://cm2018.domain.de) it works fine, til I try to get the certificate request done. It comes with the WebAccess confirmation popup and then it runs into an error

    Fehler beim Herstellen der Verbindung mit der Zertifizierungsstelle: p-m-pki-1003.domain.de\domain-P-M-PKI-1003-CA

    I suppose it has to be an error during installation. Suppose rights or impersonalisation is not correct.

    How can I check that. Has MIM CM 2016 no checkup tools to verify the configuration ?

    clm-log entries:

    CheckCertificateAuthorityAvailable(Microsoft.Clm.Common.AD.UserProfile)"    "Doman\user"    "Domain\user"    0x00000B00    0x00000019    Check that all CAs are available for profile template

    Unable to complete request for profile template:  Test PKI2018 MIM CM - nicht nutzen (UUID 10c20223-4b3e-4571-97d4-662c3ee9ff38).
    Certificate Authority:  p-m-pki-1003.domain.de\domain-P-M-PKI-1003-CA is offline.
    Start CA service.

    CA Service is running, I can request certificates by certificate snap-in.

    So this is my idea that it has to be in the middle between user and CA, the MIM Portal is not able to use the correct rights to access or see the CA (but it can see it, when i create profiles and add the CA to them).

    Thanks a lot

    Bernhard

    Monday, July 23, 2018 7:27 AM