OCSP configuration problem (win2k8 R2)
I'm using http://technet.microsoft.com/en-us/library/cc753468.aspx to set up OCSP on a Windows Server 2008 R2 member server (which is an Enterprise CA successfully moved from Windows Server 2008 Domain Controller using http://technet.microsoft.com/en-us/library/ee126140(WS.10).aspx) in ActiveDirectory domain level 2003. Everithing goes fine until I try to add Revocation Configuration using a wizard. Self-explanatory video: http://www.youtube.com/watch?v=fJbE6dqrsVU Exception from HRESULT 0x80070490 rises when trying to select a CA certificate and Signing certificate for OCSP.
November 14th, 2011 7:52am

It seems that your CA is unable to update its own object in AD. You need to open ADSIEdit.msc, connect to configuration naming context, expand configuration\services\public key services\enrollment services. Select particular entry and assign CA computer account Full Control permissions on the object.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
November 14th, 2011 2:13pm

It seems that your CA is unable to update its own object in AD. You need to open ADSIEdit.msc, connect to configuration naming context, expand configuration\services\public key services\enrollment services. Select particular entry and assign CA computer account Full Control permissions on the object.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki
November 14th, 2011 10:03pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics