Certificate services error code RRS feed

  • Question

  • I am trying to create an Enterprise CA, but the enterprise option is grayed out. I can only select standalone. Any ideas? This is the error from the certocm.txt file. Seeing that I thought Domain Services unavailable....?? After checking everything else I finally dropped the server from the domain and rejoined it. No help.

    109.895.1838:<2014/1/25, 16:28:16>: Enterprise CA option availability status: ENUM_ENTERPRISE_UNAVAIL_REASON_DS_UNAVAILABLE

    I verified I am a member of both Domain Admins and Enterprise Admins.

    Windows Server 2008 R2 EE. Thoughts?

    Saturday, January 25, 2014 9:37 PM

All replies

  • Check the firewall if any.


    Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights.

    MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin


    Domain Controllers inventory-Quest Powershell

    Generate Report for Bulk Servers-LastBootUpTime,SerialNumber,InstallDate

    Generate a Report for installed Hotfix for Bulk Servers

    Sunday, January 26, 2014 4:30 AM
  • you need to fulfill basic requirements:

    • Server machine has to be a member server (domain joined).
    • You can run an Enterprise CA on the Standard, Enterprise, or Data Center Windows Edition. The difference is the number of ADCS features and components that can be enabled. To get full functionality, you need to run on Enterprise or Data Center Windows Server 2008 /R2/ Editions. It includes functionality like Role separation, Certificate manager restrictions, Delegated enrollment agent restrictions, Certificate enrollment across forests, Online Responder, Network Device Enrollment.
    • In order to install an Enterprise CA, you must be a member of either Enterprise Admins or Domain Admins in the forest root domain (either directly or through a group nesting).

    You can check below link


    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer".
    • Marked as answer by Amy Wang_ Thursday, January 30, 2014 8:42 AM
    • Unmarked as answer by tmacris Saturday, February 1, 2014 11:57 PM
    Sunday, January 26, 2014 10:25 AM
  • In my original post I already pointed out that I meet all of the qualifications you point out.

    Domain member, valid OS, proper group membership. I am still unable to complete task.

    • Edited by tmacris Saturday, February 1, 2014 11:58 PM
    Saturday, February 1, 2014 11:56 PM
  • There is no firewall in place.
    Saturday, February 1, 2014 11:57 PM
  • Verify from following:

    1. Ensure that you have network connectivity to a domain controller during CA setup. {Windows Firewall is off on both servers or Antivirus didn't block connectivity}
    2. Ensure the Public Key Services container exist in the Active Directory directory service. {ADSIEdit tool (Adsiedit.msc)}

    Please remember, if you see a post that helped you please click (Vote As Helpful) and if it answered your question, please click (Mark As Answer).

    • Edited by Mai AliMVP Sunday, February 2, 2014 10:07 PM
    Sunday, February 2, 2014 10:06 PM