FIM 2010 CM Cannot attach certificate to Workflow
I have a very unusual issue which I have never had a problem with before. When I try to attach a new certificate template to a workflow I cannot select any templates. I'm able to select the certificate authority but cannot select any certificate template. I have this in another environment with basically the same permissions, and everything works in this environment but doesn't in the other. Very confused. Anybody got any ideas why I wouldn't be able to select the actual certificate template? Thanks in advance, Darren
June 22nd, 2011 1:21pm

There are three possibilities:

1) Look at the names of the certificate templates. Ensure that there are no apostrophes or quotes in the names of any certificate templates. The one case where I saw this had a certificate template named "Joe's test certificate".
2) Really make sure that the CA was correctly added to FIM CM. This sounds suspiciously like a connection string error or CA computer account error. If someone simply manually added the CA account to the CertificateAuthorities table, you would see the same error.
3) Make sure that something has not changed in RPC permissions. Run certutil -config "CADNSName\CALogical Name" -ping from the workstation in a command prompt running as a normal user to ensure that the user is able to query the CA.

Brian
June 22nd, 2011 2:13pm

Thanks Brian, I will investigate the steps you have mentioned. The CA was added automatically by the CA connection string connecting, so I'm assuming that this is correct. Will keep you posted.
June 22nd, 2011 2:23pm

I have recreated a template called Test. I have redone the CA Exit String following the information from here:
http://technet.microsoft.com/en-us/library/gg418598(WS.10).aspx#
I have also run the certutil command and that comes back successful. Still confused :(
June 22nd, 2011 3:06pm

Just doing it does not troubleshoot.

Did you look in the FIM CM log (at the CA) to ensure that the CA was successfully able to register with the Exit module?
Did you check all certificate template names?
Were there any errors in the CA event logs?
Were there any errors at the FIM CM event logs?

Brian
June 22nd, 2011 4:25pm

Hi Darren,

Using SQL Management Studio, open the FIMCertificateManagement database, right-click the dbo.CertificateAuthority database & select 'Select Top 1000 Rows'. Please report back if your CA is returned in the Results UI.

Cheers,
MMS_guru
Identity & Metadirectory, Hewlett-Packard UK
June 22nd, 2011 7:11pm

On Wed, 22 Jun 2011 10:21:00 +0000, DarrenBonehill wrote:

> When I try to attach a new certificate template to a workflow I cannot select any templates. I'm able to select the certificate authority but cannot select any certificate template. I have this in another environment with basically the same permissions, and everything works in this environment but doesn't in the other. Very confused.

I get the willies whenever anyone says "basically the same permissions". If I were you I'd check the following:

1. Check to see if Authenticated Users have been removed from the DACL of the certificate templates. If they have, then either add them back with READ or, failing that, add the computer account of the CA with READ.
2. Ensure that certificate templates are actually published at the CA.

Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
One if by LAN, two if by C. -- Paul Revere, as told by John Karwoski
June 23rd, 2011 7:06am

The CA server shows in the SQL database and I can select the CA server from the profile template. The issue is that all the certificate templates are greyed out not allowing me to select any of them. There are no errors on the CA server pertaining to the Exit Module. The permissions are as in my other environment which works okay.
June 24th, 2011 1:12pm

On Fri, 24 Jun 2011 10:12:08 +0000, DarrenBonehill wrote:

> The CA server shows in the SQL database and I can select the CA server from the profile template. The issue is that all the certificate templates are greyed out not allowing me to select any of them. There are no errors on the CA server pertaining to the Exit Module. The permissions are as in my other environment which works okay.

The list of the certificate templates is the list of certificate templates that are available in the forest and does not correspond to the list of certificate templates that are published at the CA. You haven't indicated that there are actually any certificate templates actually published at the CA in question.

I would check all of the relevant event logs on both the CA and the FIM CM box, looking for any CA or FIM CM related errors and not just Exit module errors.

Also, to help narrow down the problem, I'd eliminate FIM CM from the equation to begin with and make sure that you're able to publish certificate templates at the CA and that you can actually enroll certificates from the CA without using FIM CM.

Also, if you do actually have certificate templates published at the CA, make sure that they are not V3 templates, as they can't be used with FIM CM.

Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Meets quality standards: Compiles without errors.
June 24th, 2011 1:33pm

I have eventually found what the problem was..... drum roll .... The Certificate Authority had a double space in its name. Re-building the CA and removing this double space, everything started to work as normal.
July 12th, 2011 12:09pm
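
The checks the replies suggested (apostrophes or quotes in template names, V3 templates, templates not published at the CA) and the double space in the CA name that turned out to be the cause can be screened for in one pass. The script below is an added example, not something posted in the thread; the function names and the sample CA and template objects are constructed for illustration, and the commented Get-ADObject queries assume the ActiveDirectory PowerShell module is available.

```powershell
# Added example, not from the thread. Flags what the replies pointed at:
# quotes or double spaces in names, V3 templates, templates not published at a CA.
function Test-PkiName([string]$Name) {
    $issues = @()
    if ($Name -match "['""]") { $issues += 'apostrophe or quote in name' }
    if ($Name -match ' {2,}') { $issues += 'consecutive spaces in name' }
    $issues
}

function Get-FimCmPkiReport {
    param([object[]]$Templates, [object[]]$Authorities)
    # Template names (cn) listed on any enrollment service object, i.e. published somewhere.
    $published = @($Authorities | ForEach-Object { $_.certificateTemplates })
    foreach ($ca in $Authorities) {
        foreach ($i in @(Test-PkiName $ca.Name)) {
            [pscustomobject]@{ Kind = 'CA'; Name = $ca.Name; Finding = $i }
        }
        if (-not $ca.certificateTemplates) {
            [pscustomobject]@{ Kind = 'CA'; Name = $ca.Name; Finding = 'no templates published' }
        }
    }
    foreach ($t in $Templates) {
        # Check both the object name (cn) and the display name shown in the consoles.
        $found = @(@(Test-PkiName $t.Name) + @(Test-PkiName $t.displayName) | Select-Object -Unique)
        foreach ($i in $found) {
            [pscustomobject]@{ Kind = 'Template'; Name = $t.displayName; Finding = $i }
        }
        # The thread names V3; treating later schema versions the same is an assumption.
        if ([int]$t.'msPKI-Template-Schema-Version' -ge 3) {
            [pscustomobject]@{ Kind = 'Template'; Name = $t.displayName; Finding = 'schema version 3 or later' }
        }
        if ($published -notcontains $t.Name) {
            [pscustomobject]@{ Kind = 'Template'; Name = $t.displayName; Finding = 'not published at any CA' }
        }
    }
}

# Constructed sample input. Against a live forest (ActiveDirectory module), use:
#   $pks = "CN=Public Key Services,CN=Services,$((Get-ADRootDSE).configurationNamingContext)"
#   Get-ADObject -SearchBase "CN=Certificate Templates,$pks" -LDAPFilter '(objectClass=pKICertificateTemplate)' -Properties displayName,'msPKI-Template-Schema-Version'
#   Get-ADObject -SearchBase "CN=Enrollment Services,$pks" -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties certificateTemplates
$templates = @(
    [pscustomobject]@{ Name = 'Test'; displayName = 'Test'; 'msPKI-Template-Schema-Version' = 2 }
    [pscustomobject]@{ Name = 'JoesTest'; displayName = "Joe's test certificate"; 'msPKI-Template-Schema-Version' = 3 }
)
$cas = @([pscustomobject]@{ Name = 'Example  Issuing CA'; certificateTemplates = @('Test') })
Get-FimCmPkiReport -Templates $templates -Authorities $cas | Format-Table -AutoSize
```

With the constructed input, the report lists the double space in the CA name and, for the second template, the apostrophe, the schema version and the fact that it is not published.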

This topic is archived. No further replies will be accepted.