Hello, I recently installed the Active Directory Certificate Services role on a Windows 2008 Enterprise machine. I installed the CA as an enterprise CA. I also installed the NDES role service. when I navigate the Server Manager and expand the 'Roles' node, I can see 'Active Directory Certificate Services' and it has the following child nodes:Enterprise PKICertificate Templates (dc.domain.com)RootCAIf I click on Certificate Templates or RootCA, everything seems to be fine. If I click on the 'Enterprise PKI' node, then I see the message Enterprise PKI - ErrorThe Enterprise PKI MMC snap-in allows administrators to assess and manage the health of a Windows Enterprise CA hierarchy.An Enterprise CA cannot be located. Verify that an Enterprise CA exists in your forest and is listed in the Enrollment Services container on your domain controller. Per instructions found @ http://blogs.technet.com/askds/archive/2007/11/06/how-to-troubleshoot-certificate-enrollment-in-the-mmc-certificate-snap-in.aspx, I attempted to rectify the problem by backing up and then restoring via CertSrv.msc, but I still don't see any objects within the Enrollment Services container http://msdn.microsoft.com/en-us/library/cc250028(PROT.10).aspx .What do I need to do to troubleshoot this error?Thanks,Matt

Hi, Please help confirm whether you installed an enterprise CA or a standalone CA on the computer. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Joson, thanks for the follow up. I stated in my original query that I had installed the CA as an Enterprise CA on the computer. Is there some additional classification you are looking for? Matt

Hi Matt, Sorry for the late response. Have you checked the permissions on the containers CN=Enrollment Service and CN=Public Key Services? Please verify that System and Enterprise Admins have full control permission on the containers. Meanwhile, please help collect the following information on the CA server for research: 1. Please run ldifde –f c:\pki.txt –d “cn=public key services,cn=services,cn=configuration,dc= DomainName,dc=com”. 2. Please collect the certocm.log in %systemroot% folder. 3. Please collect MPSReport: 1) Please download the MPSReport from the website http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en 2) Run the execute file on the computer. 3) In the Select the diagnostics you want to run page, select General and clear other options, then click Next. 4) After the diagnostic is finished, you will see the Diagnostics are finished! page, click Save the results. After that, please upload the pki.txt, certocm.log and MPSReport to the following space: https://sftasia.one.microsoft.com/choosetransfer.aspx?key=0d2fdb81-7c68-4cf6-be93-6fefd616a03e Password: 1{0yKV29f9This posting is provided "AS IS" with no warranties, and confers no rights.