2008 CA Web Enrollment Prompts for Authentication
Hi All, I have a "Windows 2008 Enterprise R2" issuing Enterprise CA with the Web Enrollment role installed. I had tested this weeks ago and everything worked as it should. A couple days ago I went to issue a certificate request through the Web enrollment page and was prompted for authentication. This never happened before and I'm being my head against a wall trying to figure out why it's doing so. Integrated authentication SHOULD be working, but it's not. I checked the IIS7 settings and they're set like this: At the root, "Anonymous Authentication" Disabled, "Windows Authentication", Enabled. At the "Default Web Site", "Anonymous Authentication" Disabled, "Windows Authentication", Enabled. At the CertSrv Application, "Anonymous Authentication" Disabled, "Windows Authentication", Enabled. In the "Advanced Settings" for CertSrv, "Physical Path Credentials Logon Type" is set to Interactive. In help anyone could give would be most appreciated. Thanks!
December 8th, 2010 10:17am

web Enrollment server MUST be added to LocalIntranet zone.http://en-us.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
December 8th, 2010 11:45am

Thanks Vadims. This is interesting because I had a wildcard *.<domain>.<rootdomain> in my Intranet zone. Apparently this wasn't good enough for some reason. I explicitly added the servername.<domain>.<rootdomain> to the local Intranet zone and it worked. I wonder if there's another IE setting that was changed that would have invalidated the wildcard.
December 8th, 2010 12:15pm

I have had it work with wildcards, but there is a balance between trusted site, local intranet, etc. that may have tipped the wrong way Brian
Free Windows Admin Tool Kit Click here and download it now
December 8th, 2010 12:36pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics