Hello I'm working with Microsoft CA(Certification Authority) on Windows server 2003; My server is "Win server 2003" and my client "Win XP", both on Virtual Machine. I've joint my XP to the server's domain; I've read the article on: http://technet.microsoft.com/en-us/library/cc787009(WS.10).aspx and tried to test it using my client and server to send a cerificate request from my XP to the CA on my server. Everything was going well, but I saw an error on this command: certreq -attrib "CertificateTemplate:DomainController" <dcname.req> These pictures show my problem: http://www.photohost.biz/files/q1f16z743xujkujfpk88.jpg http://www.photohost.biz/files/p7x9y9bhn1tznuz4s213.jpg I don't know how should I do the DNS setting on my server to solve this problem! Could you help me with this problem please?! THX.

You are trying to create a Domain Controller Certificate on a Winodws XP Desktop. You cannot run Winodws XP as a Domain Controller. What are you trying to achieve? Cheers Wayne Airloom

Hi and thanks for the reply; Because I'm new to MS CA, I want to test sending a certificate request from Win. XP client to a CA on server. But I've not had any step-by-step document for this purpose!! So, I used the mentioned document. Is there any good reference to this purpose? How can I send a certificate request (with a custom certificate template) from XP to CA on the server? I'll greatly appreciate you if help me with this issue... I'm so hurry!! Thanks in Advance.

Any help please...

For a random certificate request follow this : • You can attempt the following method to install a Client Certificate: 1. On the XP computer, open Internet Explorer and enter http(s):// rostamily-58db22.Sample.local/certsrv in the address bar 2. In the log on dialog box, enter the credentials of a user. Click OK. 3. On the Welcome page of the Web enrollment site, click the Request a certificate link. 4. On the Request a Certificate page, click the User Certificate link. 5. On the User Certificate – Identifying Information page, click Submit. 6. Click Yes on the Potential Scripting Violation dialog box informing you that the Web site is requesting a certificate on your behalf. 7. On the Certificate Issued page, click the Install this certificate link. 8. Click Yes on the Potential Scripting Violation page informing you that the Web site is adding a certificate to the machine. 9. Close Internet Explorer after you see the Certificate Installed page. Cheers Wayne Airloom

Hi dear Wayne. I think this procedure you suggest me, requires establishing a "Web certificate enrollment" service as prerequisite! I've not this service running on my system now; I just want to send a certificate request (based on a custom certificate template) from my XP client (that is joint to the server's domain "smallbusiness.local") to the CA called "Custom CA" on my server (both on VMware). I have a VBScript to do this, as the mentioned document instructed, but I want to know how could I send this request to CA "online", since that document have described the "offline" sending! I mean which service or component on server or client must be active to enable this process -submitting the certificate request object to the server (specially to the CA)? Could you help me again with this issue?! Best Regards.

1. You need to create an INF file - http://technet.microsoft.com/en-us/library/cc736326(WS.10).aspx 2. You need to generate the request file - http://technet.microsoft.com/en-us/library/cc725793(WS.10).aspx 3. You then need to submit the request - http://technet.microsoft.com/en-us/library/cc725793(WS.10).aspxPaul Adare CTO IdentIT Inc. ILM MVP