PKI web enrollment issue
I've been struggling with the web enrollment of WS03 R2 SP2 PKI (w/KB 922706 installed)...
If I go to request a user cert, the following error occurs on submit:
Error
Your request failed. An error occurred while the server was processing your request.
Contact your administrator for further assistance.
Request Mode: newreq - New Request
Disposition: (never set)
Disposition message: (none)
Result: No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332)
COM Error Info: CCertRequest::Submit No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332)
LastStatus: No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332)
Suggested Cause: No suggestions.
Any ideas on a solution?
December 29th, 2010 1:17pm
It looks like you may have tried enabling anonymous authentication for the site.
- you need to disable anonymous auth
- enable either basic or windows integrated auth
- Ensure that the site is protected by an SSL certificate
- Add the site to the Local Intranet security zone and enable scripting of ActiveX controls marked as unsafe (the icertrequest interface is marked as unsafe). You can set the level to either prompt or enable
Brian
December 30th, 2010 7:51am
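Added example, not part of the thread: a small Python check of the authentication and SSL items in the checklist above, plus a decoder for the HRESULT shown in the error. It assumes the `AuthFlags` and `AccessSSLFlags` values have already been read from the IIS 6 metabase for the CertSrv virtual directory; the sample values are constructed.

```python
# Added example. Bit values are the IIS 6 metabase flags for the
# AuthFlags and AccessSSLFlags properties of a virtual directory.
AUTH_ANONYMOUS = 0x1  # AuthAnonymous
AUTH_BASIC = 0x2      # AuthBasic
AUTH_NTLM = 0x4       # AuthNTLM (Integrated Windows authentication)
ACCESS_SSL = 0x8      # AccessSSL (secure channel required)
FACILITY_WIN32 = 7


def decode_hresult(hr):
    """Split an HRESULT into (failed, facility, code)."""
    failed = bool(hr & 0x80000000)   # severity bit
    facility = (hr >> 16) & 0x7FF    # 11-bit facility field
    code = hr & 0xFFFF               # low word: the original error code
    return failed, facility, code


def audit_vdir(auth_flags, access_ssl_flags):
    """Return findings for one virtual directory against the checklist."""
    findings = []
    if auth_flags & AUTH_ANONYMOUS:
        findings.append("anonymous authentication is enabled")
    if not auth_flags & (AUTH_BASIC | AUTH_NTLM):
        findings.append("neither basic nor integrated authentication is enabled")
    if not access_ssl_flags & ACCESS_SSL:
        msg = "SSL is not required"
        if auth_flags & AUTH_BASIC:
            # Basic auth only base64-encodes the password on the wire.
            msg += " while basic authentication is enabled"
        findings.append(msg)
    return findings


if __name__ == "__main__":
    # HRESULT from the error page: FACILITY_WIN32 wrapping Win32 error 1332.
    print(decode_hresult(0x80070534))
    # Constructed sample: anonymous + integrated auth, SSL not required.
    for finding in audit_vdir(AUTH_ANONYMOUS | AUTH_NTLM, 0):
        print("CertSrv:", finding)
    # Constructed sample after the changes: integrated auth only, SSL required.
    print(audit_vdir(AUTH_NTLM, ACCESS_SSL))
```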
Thanks,
I did all of these and still get the same error.
Is the web certenroll supposed to use https? If so, that is even worse, I get "Page cannot be displayed" error.
December 30th, 2010 8:34pm
You have to install an SSL certificate to use HTTPS. It does not just happen. Maybe try resetting the web enrollment pages.
Run certutil -vroot
Brian
December 31st, 2010 10:56am
Thanks,
I understand having the cert, and I do have one installed and it is used on the web site. I was referencing whether that SSL is supposed to be or required to be used for cert enroll. I'm not finding a reference one way or another. By default, it does not.
Running the certutil command you referenced:
Web Virtual Root Already Exists
Active Server Pages (ASP) already enabled
File Share Already Exists
CertUtil: -vroot command completed successfully.
Errors still occur.
For SSL, does it need to be enabled on the default web or at the 'CertSrv' and other 'Cert...' web sites only?
January 1st, 2011 9:57am
You first need to create/have an SSL certificate available to be seen from the bindings on certificate services in IIS, and it has to be a valid one.
Yes, cert svcs does require an SSL. What was the output of the command Brian asked you to use?
I have gone through this recently and have learned quite a bit in the last few months and am now finding other things I need to do to properly have cert svcs working.
Mibble
January 3rd, 2011 6:43pm