I am suddenly having issues with web certificate requests. I currently have one Root CA, one Policy CA and one online Issuing CA (All 2008). Cert requests in the past using the default "Web Server", and customized web server templates have not have any issues, but now submitting the requests produces the error message below. Requests using other types of templates are working ok, so it just seems to be something wrong with the web server requests. The web server that is requesting the cert is in the same domain as the CA and can ping/resolve the fqdn ok. Any help would be appreciated. Thanks - Patrick Error Your request failed. An error occurred while the server was processing your request. Contact your administrator for further assistance. Request Mode: newreq - New Request Disposition: (never set) Disposition message: (none) Result: The format of the specified domain name is invalid. 0x800704bc (WIN32: 1212) COM Error Info: CCertRequest::Submit: The format of the specified domain name is invalid. 0x800704bc (WIN32: 1212) LastStatus: The format of the specified domain name is invalid. 0x800704bc (WIN32: 1212) Suggested Cause: No suggestions.

You need to provide more information.1) What subject name are you trying to request2) Are there any name contraints, etc. in the issuing CA certificate or in the certificate chainBrian

Brian, I am requesting via the certsrv web request page. Either of the two options under the "Request a Certificate" link, do not have a field to enter a subject name, unless the "Friendly Name" section is the subject. For this field, I have entered both the common name of the web server, and the FQDN of the server. Both result in the error above. The web server template that I select for the requests, does not have any contstraints as I have the "Supply in the request" option selected in the Subject name tab of this template's properties. I'm not sure I understand what constraints would be in the certificate chain. Please let me know if any more info would help. Thanks

Thank you Patrick. Only these settings are enough and worked for me: Still in IIS Manager, navigate to CertSrv in the tree and then click Authentication in the right pane Anonymous Authentication should be Disabled. Windows Authentication should be enabled My settings had Anonymous authentication enabled. Then right-click on CertSrv -> Manage Application -> Advanced Settings. Physical Path Credentials Logon Type : Interactive

Thanks Patrick C L. I had the same issue and your instructions fixed my problem.

I had a similar problem, but none of my certificate templates, (new or default) would work. I fixed the issue though. After thinking it was a template permissions issue, or a naming constraints issue ( I realised I didn't implement any constraints anywhere). The issue was in IIS7 and authentication. Check the following settings. Open IIS Manager, click the very top of the tree, (should be %servername%) then click Authentication in the right pane. Anonymous Authentication should be Disabled. Windows Authentication should be enabled My settings had Anonymous authentication enabled. Still in IIS Manager, navigate to CertSrv in the tree and then click Authentication in the right pane Anonymous Authentication should be Disabled. Windows Authentication should be enabled My settings had Anonymous authentication enabled. Then right-click on CertSrv -> Manage Application -> Advanced Settings. Physical Path Credentials Logon Type : Interactive I hope that helps. I spent 2 days trawling google and ms sites and the error doesn't give much away. Very helpful answer.