No Certificate Templates Could Be Found
Hi, We have just finished setting up a Subordinate Issuing CA (Windows 2008 R2). If I open the MMC\Certificates snap-in on another server, and request a new certificate, I see the available templates, and can successfully use this path to obtain a machine certificate. However, if I open https://SUBCA/certsrv and request a certificate we get the notorious "No Certificate Templates Could Be Found" error message. I have already worked through http://support.microsoft.com/kb/811418 but found no discrepancies. Why would we be able to see and obtain the Templates from the MMC snap-in and not from the Web Site? Regards,
May 27th, 2010 5:47pm

make sure if: 1) SSL is configured for Web Enrollment Pages web site 2) Integrated authentication is enabled for this site and anonymous authentication is disabled.http://www.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
May 27th, 2010 9:46pm

Hi, SSL is configured to 'Accept' on the Default Web Site, /CertEnroll & /Certsrv directories. Anonymous is disabled and Windows Authentication is enabled on the Default Web Site, /CertEnroll & /Certsrv directories. Still could not see any new custom templates. Then I allowed "Authenticated Users" the Enroll permission on the Web Server template - and there it appeared in the /Certsrv website. I have reviewed my security settings between the 'Web Server' and my new certificate template, and they are identical. However I still cannot see the new template in the website. Any ideas?
May 28th, 2010 9:49am

Is the new certificate template a computer certificate or a user certificate and what are the settings on the template for Subject Name? In R2, you can no longer use the web UI to request computer certificates. Paul Adare CTO IdentIT Inc. ILM MVP
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2010 10:17am

HI, That would answer it then - its a new custom Web Server certificate. Will use the MMC instead, thank you.
May 28th, 2010 10:55am

Hi Paul, would this mean, that the following scenario doesn't make any sense: Offline Root Ca on W2K8-R2 Domain in W2K8-R2 mode Issuing CA on W2K8-R2 CA Web Enrollment on a dedicated machine with W2K8-R2 I've trusted the Web Enrollment Machine for delegation and done all, i could find somewhere in the web, what should make this scenario running. I've just enabled all the templates and granted "authenticated users" permissions to read and enroll for this templates. All without success! :( And now my questions: What is the CA Web Enrollment then usefull for in W2K8-R2? I've got a big network with a lot of "internal" web servers in the DMZ. They need to enroll for certificates? How do I do this now? (Beside the manual ways of submitting the reguest to the certsrv.msc console by hand.) Is there an official statement from Microsoft somewhere, so i can show this to my customers? Thanks for you assistance. Best regards Stefan
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2010 11:05pm

Hi, If your certificate template type is "Windows server 2008 Enterprise" you get that error message. You can duplicate that certificate template and select "Windows server 2003 Enterprise" to get that work with WebUI. It does not make any difference if you are requesting user or computer certificates. What you can't do anymore is enroll computer certificate straight to computer certificate store. There should not be any problem to obtain webserver certificate by using IIS to generate certificate request and then use CA's webUI to request certificate with that file...
August 19th, 2010 11:54pm

Hi, SSL is configured to 'Accept' on the Default Web Site, /CertEnroll & /Certsrv directories. Anonymous is disabled and Windows Authentication is enabled on the Default Web Site, /CertEnroll & /Certsrv directories. Still could not see any new custom templates. Then I allowed "Authenticated Users" the Enroll permission on the Web Server template - and there it appeared in the /Certsrv website. I have reviewed my security settings between the 'Web Server' and my new certificate template, and they are identical. However I still cannot see the new template in the website. Any ideas? why anonymous need to disabled and windows authentication need to enabled? why? i remember windows server 2003 doesn't need to enabl windows authentication, it only need enbale anonymous. ~
Free Windows Admin Tool Kit Click here and download it now
December 15th, 2011 12:52am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics