none
Error while adding cerificate to ADDS RRS feed

  • Question

  • Hi All,

    While adding the cerificate to DC i am getting a error
    "Certificate Request Processor: Cannot find object or property. 0x80092004 (-2146
    885628)"


    Envirnoment Details

    Windows 2008 R2 Standard Edition.


    Regards, Sumanth
    Monday, September 19, 2011 9:00 AM

Answers

  • Sumanth,

    The certificate needs to be imported into the very same computer or user account where the certificate request was created to be successfully associated with the private key. If the certificate is intended for another computer and not the one that the request was created on, you simply export it using the pfx format to include the private key and then install/import it on the destination computer.

    Please note that the import/install of a certificate is not depending on any trusts and should not fail because of that. On the other hand any usage of the certificate requires the certificate to chain up to a trusted Root CA.

    /Hasain

    • Marked as answer by Bruce-Liu Thursday, September 29, 2011 6:41 AM
    Tuesday, September 20, 2011 4:06 PM

All replies

  • Hi All,

    While adding the cerificate to DC i am getting a error
    "Certificate Request Processor: Cannot find object or property. 0x80092004 (-2146
    885628)"


    Envirnoment Details

    Windows 2008 R2 Standard Edition.


    Regards, Sumanth
    Monday, September 19, 2011 8:34 AM
  • Hello,

    It will be better to ask them in Security forum: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads

    Link to the new thread: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/e4fd6321-f9a8-4451-92a9-f199f625a9c7

     

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator

    • Edited by Mr XMVP Monday, September 19, 2011 9:30 AM link to new thread
    Monday, September 19, 2011 8:50 AM
  • Are you importing the certificate or requesting it from an enterprise CA?

    /Hasain

    Monday, September 19, 2011 9:27 AM
  • Hi

    I was importing the certificate.


    Regards, Sumanth
    Monday, September 19, 2011 10:16 AM
  • Sumanth Rajappa,

     

    it means u doesn't have private key for that certificate ....... have you added the root cert in trusted certificated.


    Ahmed Gaziyani Enterprise Admin.
    • Proposed as answer by Ahmed gaziyani Monday, September 19, 2011 1:46 PM
    Monday, September 19, 2011 1:42 PM
  • Are you possibly using certreq to request a certificate from a third party CA to your DC?

    Can you describe the exact steps you are following to make the request/import and at what step the error is occurring?

    /Hasain

     

     

    Monday, September 19, 2011 5:40 PM
  • Hi Ahmed,

    I have imported the cerificate to Certificates-->Personal

    Also i tired to repair using this commad certutil -repairstore my “SerialNumber" even there im getting an error

    Error:Non-root Certificate
    Template:
    No key provider information
    Cannot find the certificate and private key for decryption.
    CertUtil: -repairstore command FAILED: 0x80090010 (-2146893808)
    CertUtil: Access denied.

    Refered URL:

    http://www.folin.se/index.php/2007/12/05/the-ssl-server-credentials-certificate-does-not-have-a-private-key-information-property-attached-to-it-page-cannot-be-displayed-event-source-schannel-event-id-36869/michaelfolin


    Regards, Sumanth
    Tuesday, September 20, 2011 4:57 AM
  • sumanth,

    you have not imported the trusted root certicate which should be imported to trusted root certification root authorities..

    from where you got these certificate


    Ahmed Gaziyani Enterprise Admin.
    Tuesday, September 20, 2011 12:22 PM
  • Ahmed,

    Added Cerificate to local computer-->personal and

    local computer-->Trusted root certification authorities.

    Import happened successfully.

    We created the cerificate from godaddy.com.

    Now when i try to connect to using ldp.exe using port 636 a event is getting genrerated

    The SSL server credential’s certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure.
    Source: Schannel
    Event ID: 36869

    And Event ID1220 

    LDAP over Secure Sockets Layer (SSL) will be unavailable at this time because the server was unable to obtain a certificate.

     

    Additional Data

    Error value:

    8009030e No credentials are available in the security package


    Regards, Sumanth

    Tuesday, September 20, 2011 1:33 PM
  • Sumanth,

    The certificate needs to be imported into the very same computer or user account where the certificate request was created to be successfully associated with the private key. If the certificate is intended for another computer and not the one that the request was created on, you simply export it using the pfx format to include the private key and then install/import it on the destination computer.

    Please note that the import/install of a certificate is not depending on any trusts and should not fail because of that. On the other hand any usage of the certificate requires the certificate to chain up to a trusted Root CA.

    /Hasain

    • Marked as answer by Bruce-Liu Thursday, September 29, 2011 6:41 AM
    Tuesday, September 20, 2011 4:06 PM