Issue new certificate templates on CA Windows Server 2008


  • Hi,

    I am using Windows Server 2008 and I have installed two CAs on a cluster. When I try to issue new certificate templates on the CA I am getting the following error message:

    "The template information on the CA cannot be modified at this time. This is most likely because the CA service is not running or there are replication delays. Access is denied. 0x80070005 (WIN32: 5)
    The changes can be saved to Active Directory and retrieved by the CA next time it is started. Do you want to save the changes to Active Directory? Yes/No"

    I would like to know what is the cause of this message I am getting.

    יום שני 25 מאי 2009 16:55

כל התגובות

  • Hi,


    This issue may occur if the user account does not have Manage CA permission. To verify it, please refer to the following steps:


    1.    In the Certification Authority console, right-click CA Name and select Properties.

    2.    Select Security tab.

    3.    Verify that the user has been granted Manage CA permission.

    יום רביעי 27 מאי 2009 05:43
    מנחה דיון
  • Hi Joson,

    I do have Manage CA permission on the CA.
    Any other idea?

    יום רביעי 27 מאי 2009 20:33
  • Hi Marcela, Did you solve this problem, if so what was the resolution? Best regards, Daniel
    יום שני 03 ינואר 2011 11:02
  • make sure if you have logged with DOMAIN user account.
    יום שני 03 ינואר 2011 13:07
  • Hi all,


    I am also facing the same problem. I ve logged into Domain Adminsitrator account which have Manage CA permission still facing the problem. Is there any solution for the above error.

    With Regards, S Prathaban
    יום שישי 23 ספטמבר 2011 11:49
  • The problem is actual for me also. Does anyone know how to solve?
    יום חמישי 12 יולי 2012 12:48
  • I guess this was never answered. 

    Restart services

    Check Permissions

    Verify AD Replication

    David Jenkins

    יום חמישי 19 ספטמבר 2013 13:57
  • I am facing the same issue, and I have the required permission...

    I am not sure why this service is not stable

    יום חמישי 21 ספטמבר 2017 07:07
  • This is an old thread.  Originally this applied to "Windows Server 2008 and I have installed two CAs on a cluster."

    Is this the same configuration as you?

    I have seen this before, but this is often due to to a AD/CS CA (Enterprise) not yet running, or needs a few minutes to actually contact the AD configuration container and get a list of templates.  

    So, without having any more details, I could only offer general and obvious suggestions such as ensuring that the service is running, ensure you have Manage CA rights, make sure you are logged on with the account that has "Manage CA" rights. Perhaps a restart of the CA?

    Is the CA and PKI otherwise healthy?


    יום חמישי 21 ספטמבר 2017 13:07
  • I just say yes.  I think most of the issue is replication.

    David Jenkins

    • הוצע כתשובה על-ידי David L. Jenkins יום שלישי 12 יוני 2018 20:54
    יום שלישי 12 יוני 2018 20:54