Certificate Authority problem - Template information could not be loaded.
My Certificate authority seems to be having some problems I don't fully understand. The error in the subject is thrown when I click in the Certificate Templates container under Active Directory Certificate Services. Searching on the error shows that people attempted to move their CA and ran into this problem, however I have not moved my CA. I do have a subordinate CA that I've been working on bringing online but the two don't have proper routing and firewall rules yet. This is a Server 2008 R2 environmnet with domain functional level the same. I also receive an error when requesting a certificate if using the mmc certificate snapin from a member server it says no CA's can be found, if from the web server it says there are no templates. I am quite stuck and could really use some help.
April 1st, 2011 8:02pm

Also just found this event for the AD CA Services: Log Name: Application Source: Microsoft-Windows-CertificationAuthority Date: 4/1/2011 10:13:17 AM Event ID: 44 Task Category: None Level: Error Keywords: Classic User: SYSTEM Computer: <computername> Description: The "Windows default" Policy Module "Initialize" method returned an error. Element not found. The returned status code is 0x80070490 (1168). Active Directory Certificate Services could not find required Active Directory information.
Free Windows Admin Tool Kit Click here and download it now
April 1st, 2011 8:14pm

On Fri, 1 Apr 2011 17:14:20 +0000, nferguson wrote: The "Windows default" Policy Module "Initialize" method returned an error. Element not found. The returned status code is 0x80070490 (1168).? Active Directory Certificate Services could not find required Active Directory information. Your CA is unable to properly contact Active Directory. You mentioned routing and firewall rules in your other post, I strongly suggest that you get those all sorted first. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca Error: Something only humans can commit.
April 1st, 2011 8:19pm

Paul, thanks for the reply, the routing and firewall rules are for a subordinate CA that isn't up yet (future plans), the current CA is (unforunatley) on a domain controller, so it shouldn't be having AD connectivity issues.
Free Windows Admin Tool Kit Click here and download it now
April 1st, 2011 8:39pm

I reviewed the entries mentioned by Miles Li in this article: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/1a76f377-fedf-4736-8a7d-8368fc47b5ba/ I found that the CA was missing pKIEnrollmentService object and added them corresponding with this article, restarted the AD CA services but that still throws the template error and I still can not request certificates from the mmc snapin or the CA web server.
April 1st, 2011 9:12pm

Ok, I found the difference by comparing it to a CA on a different domain altogether. The templates were missing from the enrollment services object. To fix, install a fresh CA in a lab environment that matches your CA, use ADSIEDIT.MSC navigate out to configuration, services, public key services, enrollment services and right click your CA object and click properties. Compare each of those settings to your lab system making the appropriate name changes where necessary. To obtain the cACertificate Value, navigate to the CN=Certification Authorites container, and open the properties of your particular CA, copy the hex values of that entry and paste it into your Enrollment Services cACertificate value. Once you have all of the values identical for their respective names, stop and start your AD certificate authority services and verify there are no errors thrown in the event log.
Free Windows Admin Tool Kit Click here and download it now
April 1st, 2011 9:31pm

Hi nferguson, I think my issue is somewhat simular to yours, I got the following error when I tried to load my certificate templates: Template Information could not be loaded A directory Service Error has occured But I I tried to restart the service - no luck then rebooted the server - all good :D
July 25th, 2011 5:09am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics