PKI - Event ID 80 Source CertSvc - (INSUFF_ACCESS_RIGHTS)
Hi,My CA is having issue issuing certificates,It actualy issued 2 computer certificates (to 2 DC), 1 user certificate (i requested it) and finaly a CAExchange certificate to itself.After that nothing; I am having this event viewer>applications error on my CA: Certificate Services could not publish a Certificate for request 5 to the following location on server MAL0.contoso.loc: CN=User1,OU=USER,OU=IT,OU=PHX,DC=contoso,DC=loc. Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344). ldap: 0x32: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 Single Domain in a Single Forest,Behind a ISA server 2006, with an access rule which opens all for the internal network.Added my CA to the Cert Publishers Group (actualy verified it was there already).Tried to wait couple days, restart some services and even the servers...I dont know where to look now, any suggestion?Any help would be greatly appreciated.thx
March 7th, 2010 12:21pm

Is the text in your error the actual domain names on your system or just a filler for the forum? I hope it is just a filler. Make sure the server where the CA runs is given write permission to the user's object in the Active Directory as a publisher. I mean the Cert Publishers Group have write permission to the objects it's trying to write to.
Free Windows Admin Tool Kit Click here and download it now
March 10th, 2010 12:43pm

Hello, I tried to follow in the steps of the Microsoft, but on Public Key Services I haven't Domain Computers or Domain Users, Any ideas?
April 21st, 2010 7:51am

Hello, I tried to follow in the steps of the Microsoft, but on Public Key Services I haven't Domain Computers or Domain Users, Any ideas? I have the same issue. Domain Computers and Domain Users do not excist.Joachim Le | Crayon AS | MCITP: Enterprise Messaging Administrator 2010
Free Windows Admin Tool Kit Click here and download it now
January 6th, 2012 2:50am

You can go via Active direstory users and Computers thus on the DC: Click Start , point to Administrative Tools , and click Active Directory Users and Computers . In the Users pane. right-click Domain Computers , and click Properties . On the Security tab, confirm that the Cert Publishers group has Read and Write permissions. If not present "Add" Cert Publishers object. Right-click Domain Users , and click Properties . On the Security tab, confirm that the Cert Publishers group has Read and Write permissions
January 18th, 2012 3:17pm

You can go via Active direstory users and Computers thus on the DC: Click Start , point to Administrative Tools , and click Active Directory Users and Computers . In the Users pane. right-click Domain Computers , and click Properties . On the Security tab, confirm that the Cert Publishers group has Read and Write permissions. If not present "Add" Cert Publishers object. Right-click Domain Users , and click Properties . On the Security tab, confirm that the Cert Publishers group has Read and Write permissions Make sure to have Advanced Features under View checked to see the Security tab for Domain Users and Domain Computers.
Free Windows Admin Tool Kit Click here and download it now
July 13th, 2012 3:35pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics