Help with 2003 Root CA
I am having a problem with my 2003 Root CA. I am getting "No certificate templates could be found..." when I try to request a certificate for my new Web Server. When I go to the Certification Authority I can see the Web Server template in the template list. But when I go to the Certificate Templates MMC, the Web Server template is "Not Allowed". I have tried http://support.microsoft.com/kb/811418 but it didn't help. I have been looking all over the web for the past couple of hours and have seen other people with the same problem, but nothing I have tried has worked. Please help!
Thanks,
Scott
July 27th, 2011 4:42pm
Have you enabled integrated authentication for the Web Enrollment application? You need to ensure that you are properly authenticated on the web enrollment web site. Also, you may need to add the web server to the LocalIntranet zone.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
July 28th, 2011 2:52am
I have enabled integrated authentication for the Web Enrollment application, and I added my web server to the LocalIntranet zone. It still doesn't work.
July 28th, 2011 9:53am
Also, one other thing. At one time a WebServer cert was issued to our old 2003 Web Server. I am not sure what has changed.
July 28th, 2011 11:23am
If you look at your root CA from the Certificate Authority MMC console, there is a "Certificate Templates" container underneath the CA name. Highlight that, and make sure that the "Web Server" certificate template appears there. If it does not, right-click on "Certificate Templates" and select All Tasks -> New template to issue and then select "Web Server" from the dialog that appears.

Also, you should check the ACLs on the actual certificate template itself. Run certtmpl.msc. Right-click on the "Web Server" template in there and check the Security tab. Make sure either your account or a group you belong to has Read and Enroll on it. If you do have to change the ACLs on the template, since it is a v1 template, you will need to be an Enterprise Admin to make that change.
July 29th, 2011 2:09pm
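One way to script the template ACL check described in the last reply, as an added example that is not part of the thread. It assumes the built-in template's CN is `WebServer`, that it is run on a domain-joined machine as the account that fails to enroll, and it treats "Read" as ReadProperty on all attributes, which is a simplification of the Security tab's Read box.

```powershell
# Added example, not from the thread: does the current account hold
# Read and Enroll on the Web Server template object in Active Directory?
$templateCn  = 'WebServer'   # assumed CN of the built-in "Web Server" template
$enrollRight = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'   # Certificate-Enrollment
$adRights    = [System.DirectoryServices.ActiveDirectoryRights]

# Templates are stored in the forest-wide Configuration partition.
$configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$dn = "CN=$templateCn,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"
$template = [ADSI]"LDAP://$dn"

# SIDs of the current user and of every group in the logon token.
$me     = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$mySids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

$result = @{ ReadAllow = $false; ReadDeny = $false; EnrollAllow = $false; EnrollDeny = $false }
$rules  = $template.psbase.ObjectSecurity.GetAccessRules($true, $true,
    [System.Security.Principal.SecurityIdentifier])

foreach ($rule in $rules) {
    # Ignore ACEs for principals that are not in this token.
    if ($mySids -notcontains $rule.IdentityReference.Value) { continue }
    $kind       = $rule.AccessControlType.ToString()   # 'Allow' or 'Deny'
    $allObjects = ($rule.ObjectType -eq [guid]::Empty)

    # Read: ReadProperty over all attributes (simplified, see lead-in).
    if (($rule.ActiveDirectoryRights -band $adRights::ReadProperty) -and $allObjects) {
        $result["Read$kind"] = $true
    }
    # Enroll: the Certificate-Enrollment extended right, or all extended rights.
    if (($rule.ActiveDirectoryRights -band $adRights::ExtendedRight) -and
        ($allObjects -or $rule.ObjectType -eq $enrollRight)) {
        $result["Enroll$kind"] = $true
    }
}

# A matching Deny ACE overrides an Allow, so report the combined result.
New-Object PSObject -Property @{
    Template = $dn
    Read     = ($result.ReadAllow -and -not $result.ReadDeny)
    Enroll   = ($result.EnrollAllow -and -not $result.EnrollDeny)
}
```

If either `Read` or `Enroll` comes back `False`, the template will not be offered to that account even though it is listed under the CA's Certificate Templates container.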


