User certificate autoenrollment from different domain
I am trying to get autoenrollment working for a user certificate. My CA is configured in a different domain than my users. I have added the security to the template that I would like to use as well as the GPO. However, when I manually try to enroll from the workstation, I get an "RPC server not available" error. If, however, I run the MMC with a user from my CA domain, it works well. I have validated every place that I have read about so far and I cannot get it to work from my other domain.
If someone can help me out, I would appreciate it.
September 13th, 2012 11:10am
Make sure that:
1) both domains (account and service) are members of the same forest
2) you are using global or universal security groups to assign permissions on certificate templates
3) clients can reach the CA server via DCOM/RPC protocols
The "RPC unavailable" error may be caused by various reasons. The most common reasons are:
1) the client cannot resolve the CA host name
2) the client cannot reach the CA server (routing problems)
3) the firewall on the CA server does not allow connections from account domains.

My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
September 13th, 2012 1:09pm
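The three connectivity causes listed in the reply above can be checked in order from a workstation in the account domain. This script is an added example, not part of the original reply; the CA host name and CA name are placeholders to replace with your own values.

```powershell
# Added example: triage "RPC server unavailable" against a CA in another domain.
param(
    [string]$CaHost = 'ca01.service.example',  # placeholder: CA server FQDN
    [string]$CaName = 'Example Issuing CA'     # placeholder: CA common name
)

function Test-CaNameResolution {
    param([string]$HostName)
    # Returns the resolved addresses, or an empty array if resolution fails.
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($HostName)
        return ,@($addrs | ForEach-Object { $_.IPAddressToString })
    } catch { return ,@() }
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    # Plain TCP connect with a timeout; $true only if the handshake completes.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# 1) Can the client resolve the CA host name?
$ips = Test-CaNameResolution -HostName $CaHost
if ($ips.Count -eq 0) { Write-Output "FAIL: cannot resolve $CaHost"; return }
Write-Output "OK: $CaHost resolves to $($ips -join ', ')"

# 2) Can the client reach the RPC endpoint mapper (TCP 135) on the CA?
if (-not (Test-TcpPort -HostName $CaHost -Port 135)) {
    Write-Output "FAIL: TCP 135 on $CaHost unreachable (routing or firewall)"
    return
}
Write-Output "OK: RPC endpoint mapper reachable on TCP 135"

# 3) Does the CA's request interface answer over DCOM/RPC? TCP 135 alone is
#    not enough: the interface itself listens on a dynamically assigned port.
& certutil.exe -config "$CaHost\$CaName" -ping
if ($LASTEXITCODE -ne 0) {
    Write-Output "FAIL: certutil -ping failed; check the CA firewall for dynamic RPC ports and DCOM access"
} else {
    Write-Output "OK: CA request interface is alive"
}
```

Run it as the affected user from the account domain, so the result reflects the same network path and identity as the failing enrollment.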