PKI - Event ID 80 Source CertSvc - (INSUFF_ACCESS_RIGHTS)
Hi,

My CA is having an issue issuing certificates. It actually issued 2 computer certificates (to 2 DCs), 1 user certificate (I requested it) and finally a CAExchange certificate to itself. After that, nothing. I am having this Event Viewer > Applications error on my CA:

Certificate Services could not publish a Certificate for request 5 to the following location on server MAL0.contoso.loc: CN=User1,OU=USER,OU=IT,OU=PHX,DC=contoso,DC=loc. Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344). ldap: 0x32: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Single domain in a single forest, behind an ISA Server 2006, with an access rule which opens all for the internal network. Added my CA to the Cert Publishers group (actually verified it was there already). Tried to wait a couple of days, restart some services and even the servers...

I don't know where to look now, any suggestion? Any help would be greatly appreciated. thx
March 7th, 2010 8:21pm

Is the text in your error the actual domain names on your system or just a filler for the forum? I hope it is just a filler. Make sure the server where the CA runs is given write permission to the user's object in the Active Directory as a publisher. I mean the Cert Publishers Group have write permission to the objects it's trying to write to.
March 10th, 2010 8:43pm
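
An added example, not part of the reply above and not Microsoft's own tooling: a PowerShell check of the permission this reply describes, run against the object DN quoted in the event text. It assumes the ActiveDirectory RSAT module is installed; the CA computer account name `CA01$` is a hypothetical placeholder.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

# DN copied from the Event ID 80 text in the question; use the DN from your own event.
$targetDn  = 'CN=User1,OU=USER,OU=IT,OU=PHX,DC=contoso,DC=loc'
# Hypothetical CA computer account name (assumption, not given in the thread).
$caAccount = 'CA01$'

# 1. Is the CA's computer account in Cert Publishers, directly or through nesting?
$isMember = [bool](Get-ADGroupMember -Identity 'Cert Publishers' -Recursive |
    Where-Object { $_.SamAccountName -eq $caAccount })

# 2. Look up the schemaIDGUID of userCertificate instead of hard-coding it.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$attr     = Get-ADObject -SearchBase $schemaNc `
    -LDAPFilter '(lDAPDisplayName=userCertificate)' -Properties schemaIDGUID
$certGuid = [guid]$attr.schemaIDGUID
$anyAttr  = [guid]::Empty   # an ACE with an empty ObjectType covers every attribute
$write    = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

# 3. Collect the ACEs on the target object that allow or deny that write.
$acl  = Get-Acl -Path "AD:\$targetDn"
$aces = $acl.Access | Where-Object {
    $_.IdentityReference -like '*\Cert Publishers' -and
    (($_.ActiveDirectoryRights -band $write) -eq $write) -and
    ($_.ObjectType -eq $certGuid -or $_.ObjectType -eq $anyAttr)
}
$allow = @($aces | Where-Object { $_.AccessControlType -eq 'Allow' })
$deny  = @($aces | Where-Object { $_.AccessControlType -eq 'Deny' })

# 4. Summarise. If inheritance is blocked on the object, ACEs granted on a
#    parent OU do not reach it, so only explicit ACEs count.
[pscustomobject]@{
    Target              = $targetDn
    CaInCertPublishers  = $isMember
    AllowWriteAces      = $allow.Count
    DenyWriteAces       = $deny.Count
    InheritanceBlocked  = $acl.AreAccessRulesProtected
    PublishShouldWork   = ($isMember -and $allow.Count -gt 0 -and $deny.Count -eq 0)
}
```

`PublishShouldWork` is a reading of the ACL only; a group membership added after the CA last booted is not in its logon token until the server restarts.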

Confirm permissions on the Domain Computers and Domain Users containers in Active Directory

To confirm that the CA has necessary permissions on the Domain Computers and Domain Users containers:

1. Click Start, point to Administrative Tools, and click Active Directory Sites and Services.
2. On the View menu, click Show Services Node.
3. Double-click Services, double-click Public Key Services, right-click Domain Computers, and click Properties.
4. On the Security tab, confirm that the Cert Publishers group has Read and Write permissions.
5. Right-click Domain Users, and click Properties.
6. On the Security tab, confirm that the Cert Publishers group has Read and Write permissions.

http://technet.microsoft.com/en-us/library/cc774602%28WS.10%29.aspx
March 11th, 2010 2:36am

Hi,

Please refer to the following article and verify that the DCOM permission and group membership are correct. You may also run the certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG command to reset the DCOM permission.

Description of the changes to DCOM security settings after you install Windows Server 2003 Service Pack 1
http://support.microsoft.com/default.aspx?scid=kb;EN-US;903220

Thanks.

This posting is provided "AS IS" with no warranties, and confers no rights.
March 11th, 2010 9:57am

Hello, I tried to follow the Microsoft steps, but under Public Key Services I don't have Domain Computers or Domain Users. Any ideas?
April 21st, 2010 2:51pm

Hello, I tried to follow the Microsoft steps, but under Public Key Services I don't have Domain Computers or Domain Users. Any ideas?

I have the same issue. Domain Computers and Domain Users do not exist.

Joachim Le | Crayon AS | MCITP: Enterprise Messaging Administrator 2010
January 6th, 2012 2:58am

You can go via Active Directory Users and Computers, thus, on the DC:

1. Click Start, point to Administrative Tools, and click Active Directory Users and Computers.
2. In the Users pane, right-click Domain Computers, and click Properties.
3. On the Security tab, confirm that the Cert Publishers group has Read and Write permissions. If not present, "Add" the Cert Publishers object.
4. Right-click Domain Users, and click Properties.
5. On the Security tab, confirm that the Cert Publishers group has Read and Write permissions.
January 18th, 2012 3:21pm

This topic is archived. No further replies will be accepted.
