How to fix issues with local computer certificate?

Hey,

I have Win 2003 CA server,

In AD - under user properties - I can see user assigned certificates, similarly where can I see local computer assigned certificate?

I have problem with 2 users, their machine dont have auto assigned with computer certificate, user certificate is assigned.

becoz of this we face other issues.

If I login to their machine, with my account all works.

Thanks

August 23rd, 2013 9:09am

Hi Beadmin, 

What OS is the user ruining - (Lets assume Window 7)  - If you logged on to that computer and it worked fine then its "user cert" problem for that user. you can delete and request new certificate for that user. Log on as the user then type this "certmgr.msc" 

  1. Open Certificate Manager by clicking the Start button Picture of the Start button, typing certmgr.msc into the Search box, and then pressing ENTER. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

  2. Click the Personal folder.

  3. Click the Action menu, point to All Tasks, and then click Request New Certificate.

  4. Follow the steps in the wizard.

This should help your renew/Request a new certificate for that user. 

MassonTech

Free Windows Admin Tool Kit Click here and download it now
August 23rd, 2013 9:20am

Thanks for the reply,

Issue is with Win 8 machine.

When I login to "certmgr.msc", his user certificate is in place, but nothing for local machine certificate.

When I compare with working machine, they have computer certificate.

I would try the above step and update with result.

Is their way I can force install computer cert?

August 23rd, 2013 10:16am

Hi,

Please follow the below steps to find certificates for your local computer:

1. Open MMC

2. Click File, and then choose Add/Remove snap-in

3. Choose certificates snap-in, and click Add

4. Choose computer account, Next, choose Local computer

Regards,

Yan Li

Free Windows Admin Tool Kit Click here and download it now
August 24th, 2013 5:39am

When I do that I get the following error: an enrollment policy server cannot be located

I can ping CA server from his machine, tried ipconfig /flush dns

also tried opening CA in browser (fire fox) and assign certificate and still same problem.

tried re-image his machine,

If I login it works

August 26th, 2013 11:44am

To manage local machine certificates, the user must be an administrator (hence why it works when you are logged in)

Brian

Free Windows Admin Tool Kit Click here and download it now
August 26th, 2013 12:09pm

 his account is already part of local administrator on this machine.

As matter of fact, I also made him domain admin for testing and no help.

August 27th, 2013 3:08am

 his account is already part of local administrator on this machine.

As matter of fact, I also made him domain admin for testing and no help.

try to Log the problem user to a different PC and see if everything works fine.

Free Windows Admin Tool Kit Click here and download it now
August 27th, 2013 5:02am

Yes, tried that.. also made him local admin on that machine, but still does not work there.

Event viewer have following error:

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Error - Logon failure: the user has not been granted the requested logon type at this computer.

August 27th, 2013 6:04am

please follow the procedure in the link below 

http://technet.microsoft.com/en-us/library/cc732593(v=ws.10).aspx

MassonTech

Free Windows Admin Tool Kit Click here and download it now
August 27th, 2013 4:10pm

Thanks for the help everyone.

I have added his account to "logon as batch job, logon as service, act as administrator etc"

also removed and added again to local admin group, but still the same issue.

There is something wrong with this user account, even though I have added to following rights on the machine but still he is not becoming the administrator

September 4th, 2013 4:35am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics