Hi, I am trying to publish a Server 2008 Certificate Authority behind an ISA 2006 firewall. I've run into trouble because autoenrollment uses DCOM/RPC. I found a document (http://blogs.isaserver.org/pouseele/2007/10/and http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx) on how to configure the CertSrv Request DCOM object to use a specific port. The problem is when I look at the properties of the CertSrv Request in the Component Services MMC, all the options are greyed out (on all tabs). I have checked other random dcom objects and some are normal, others are greyed out. Is there a way to fix it? Thanks! --Kyle (CA is Server 2008 Standard, Domain controllers are Server 2003 R2, Firewall is ISA 2006 w/ latest ISA updates)

Hello Kyle, Due to security consideration, some system core components only grant Trustedinstaller full control permission instead of Administrators. To enable modification settings of 'CertSrv Request': 1. Open Register Editor to 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}' 2. Right click the {D99E6E74-FC88-11D0-B498-00A0C90312F3} key (AppID of Certsrv Request), choose permission. 3. Take the ownership to Administrators. Then grant the Administrators 'full control' permission. 4. Restart the dcomcnfg. Hope it helps.

That worked great! As anote, I had to disable the firewall client on my computer in order for the request to go through (when done manually through the certificates mmc). Thanks for your help!

Hi Miles, I was just wondering if there are other ways to do this besides modifying the registry? Thanks!

I am having this same issue but the key which you refer to after AppID: 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3} Does not exist....what do I do then?

I am a member of the Administrators group and when I attempt to follow the instructions above, I received "Access Denied" message. I have disabled Windows Firewall as was suggested below. Thanks!

Try this jim I had a similar issue with with a different app, i did this as follows went to the registry key, right click and selected permission on the AppID Than gave the admin user full control but got an access denied error same as you i presume so selected the Advance button Went to the owner tab and just selected the admin option and made them the current owner. clicked ok, restarted the service And than the component optioni needed to change were not greyed out.