OCSP configuration problem (win2k8 R2)
I'm using http://technet.microsoft.com/en-us/library/cc753468.aspx to set up OCSP on a Windows Server 2008 R2 member server (which is an Enterprise CA successfully
moved from Windows Server 2008 Domain Controller using http://technet.microsoft.com/en-us/library/ee126140(WS.10).aspx) in ActiveDirectory domain level 2003.
Everithing goes fine until I try to add Revocation Configuration using a wizard.
Self-explanatory video: http://www.youtube.com/watch?v=fJbE6dqrsVU
Exception from HRESULT 0x80070490 rises when trying to select a CA certificate and Signing certificate for OCSP.
November 14th, 2011 7:52am
It seems that your CA is unable to update its own object in AD. You need to open ADSIEdit.msc, connect to configuration naming context, expand configuration\services\public key services\enrollment services. Select particular entry and assign CA computer
account Full Control permissions on the object.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
November 14th, 2011 2:13pm
It seems that your CA is unable to update its own object in AD. You need to open ADSIEdit.msc, connect to configuration naming context, expand configuration\services\public key services\enrollment services. Select particular entry and assign CA computer
account Full Control permissions on the object.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
November 14th, 2011 10:03pm