Hi, we have w2003 dc domain, w2008 ent CA (not dc), and xp client computer. I logon to client pc with regular domain user and trayed to request certificate from ent ca. I got an error: The wizard cannot be started because of one or more of the following conditions:- There are no trusted certification authorities (CAs) available.- You do not have the permissions to request certificates from the available CAs.- The available CAs issue certificates for which you do not have permissions.I can see CA server root certificate on client pc in Trusted Root Certification Authorities.I applyed http://support.microsoft.com/kb/968730I applyed "Read" and "Enroll" permissions on the main "User" template for the current user.and same error, please helpthanksaurimas

make sure if:1) root certificate is in computer store, Trusted Root CAs container.2) Authenticated Users group is granted Request Certificates permissions in Security tab (in certsrv.msc snap-in)3) your Enterprise CA is correctly registered in Enrollment Services container. On CA server run pkiview.msc, select Enterprise PKI node and clicl Manage AD Containers in context menu. Switch to Enrollment Services tab and here should be your Enterprise CA certificate.http://www.sysadmins.lv

thanks, Vadims, for the answer, 1) root certificate is in computer store, Trusted Root CAs container.yes, Trusted Root Certificate is available in this container, and it is ok,2) Authenticated Users group is granted Request Certificates permissions in Security tab (in certsrv.msc snap-in)yes, this group is granted Request Certificate permissions,3) your Enterprise CA is correctly registered in Enrollment Services container. On CA server run pkiview.msc, select Enterprise PKI node and clicl Manage AD Containers in context menu. Switch to Enrollment Services tab and here should be your Enterprise CA certificate.yes, I can see Enterprise CA sertificate in this and some other tabs, anything else can I check ? thank you aurimas

make sure if CA certificate is not revoked and if client is able to build a certification path up to root certificate.http://www.sysadmins.lv

since we have just root CA, i can see the path root_certificate\client_certificate, maybe it is something with the rights, because with some admin users I am not able to request computer certificate, but what rights i have to manage ? thanksaurimas

I gave enroll rithts to test user for Administrator Template and now I am able to enroll Administrator certificate with this user. But why I am not able to request User or Computer certificate even if these Templates are available in CA Certificate Templates container even the rights are correct?thanks,aurimas