I've recently installed a Standalone Root CA running Server 2008R2 Standard and an online Enterprise Issuing CA running Server 2008R2 Enterprise. Both the Root and Issuing are HSM protected using the nCipher Security World Key Storage Provider, hash algorithm is sha1, signature algorithm is sha1RSA. I have an SSL certificate template assigned to the Enterprise Issuing CA. For testing purposes, Authenticated Users have Read | Enroll permissions. Windows 7 / Server 2008 clients have no issues enrolling via Certificate Enrollment Wizard. XP/ Server 2003 clients are generating an error:
"The wizard cannot be started because of one or more of the following conditions"
- There are no trusted certification authorities (CAs) available.
- You do not have the permissions to request certificates from the available CAs.
- The available CAs issue certificates for which you do not have permissions.
Any help is greatly appreciated!
Todas as Respostas
Please check the following:
- The XP and 2003 computers does have the permission to request a certificate from the enterprise CA (check the security permissions on the CA)
- Are there any restrictions or non-default settings on the User Rights Assignment, access this computer from the network, hint: http://support.microsoft.com/kb/257346
- Additionally Check the DCOM permissions on the CA server and that the XP and 2003 computers have access http://support.microsoft.com/kb/903220