I have a a root domain CA on Windows 08 R2 that is not allowing certs to the child domain due to permissions. There is a artical on how to do this? Thanks! Shawn

Hi Shawn, Please gather logs from the client that is requesting the certificate and the CA in the root domain. On the client, enable logging with "certutil -setreg enroll\debug 0xffffffe3" and copy the most recent events in %windir%\system32\certenroll.log On the server, enable logging with "certutil -setreg ca\debug 0xffffffe3" and copy the most recent events in %windir%\system32\certsrv.log Thanks, John

Hi, Please verify that security permission is configured correctly on the certificate template: http://technet.microsoft.com/en-us/library/cc758774(WS.10).aspx#BKMK_10 This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.