Hi Aiden, Thanks for the quick response. I went through all your steps and it still does the same thing. I have this feeling that I am missing something small. Could you give me a checklist of what settings need to be configured on the CA's side (Server A). I tried from 2 different CA's and it still does the same thing - but if I request the certificates from the Server B (IIS) and follow all the steps in your link then it works. (but this is not what I want to do as I want the Server A to issue certificates) I look forward to hearing from you. Paul

Hi there My scenario: Server A: Windows Server 2008 (Internal network with an Enterprise CA) Server B: Windows Server 2003 (External web server hosting sharepoint) - on a different network and domain but has username's for different log in's for sharepoint. I want to issue certificates on Server A and then do 1-to-1 mapping on the extranet on Server B. I've gone to https://SERVER_A/certsrv and requested certificates -> exported to Server B and done 1-to-1 mapping. It doesn't work - I need some help. I get error 403.7 Thanks, Paul

Hi Paul, Thanks for your post. Error 403.7 may occurs if the client certificate is not valid. Please verify that the mapping certificates for user accounts were configured correctly. For more detailed information, please refer to the following articles: Step-by-Step Guide to Mapping Certificates to User Accounts http://technet.microsoft.com/en-us/library/bb742438.aspx Error message when you try to run a Web application that is hosted on a server that is running IIS 7.0: "HTTP Error 403.7 - Forbidden" http://support.microsoft.com/kb/942067 Best Regards, AidenAiden Cao TechNet Community Support