Hi all; Suppose the following scenario: I want to enroll some certificate by Web Enrollment feature that I can do the same process by using MMC. I go to the home of the web enrollment page and click on the "Request a Certificate" link, then in the next page that appears I click on the "Advanced Certificate Request", then I click on the "Create And Submit Request To This CA" link. When I do this an error message appears that says: An Unexpected Error Has Occurred . At the same time, when I go to the Application Log in the CA server, I can see the following error message: Source: CertSVC Event ID: 96 Certificate Services Could not create An Encrypted Certificate. Requested By contoso\administrator. The parameter is incorrect. 0*80070056 (WIN32:87). Can anyone help me to correct this problem? Thanks -Reza

Hi, Please try the steps below to troubleshoot and collect information: 1.When did the issue start to occur?2.Does this error occur on all client machines and all user? 3.Could you request certificate using MMC properly? 4.Could you request a certificate via Web Enrollment on the CA itself? 5.If there is any third party software installed, please try to disable them and test, including antivirus and Firewall. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for your reply. 1. I do not know the start time. But one day that I need enrolling certificate by using Web, I encountered the mentioned error. 2. Yes. I have used several clients with same result. 3. Yes. As I said before, using MMC has no problem. 4. No. I can see the same issue when trying to issue a certificate by web enrollment method. 5. I have uninstalled unneeded software on the server and disabled antivirus and firewall with same result. Thanks

Hi, One more question: which certificate template did the user request? If this error occurs on all templates, please help to collect the following information for research. ldifde -d "CN=Public Key Services,CN=Services,CN=Configuration,DC=ForestRoot,DC=com" -f output.ldf Run the command below in CMD: certutil.exe -f -setreg ca\debug 0xffffffff After that, restart CA to reproduce errors and collect the following logs. %Systemroot%\certsrv.log (Certsrv.exe) Certificate Services %SystemRoot%\certutil.log (Certutil.exe) %SystemRoot%\certreq.log (Certreq.exe) %SystemRoot%\certmmc.log (Certmmc.dll) Certificate Services MMC snap-in %SystemRoot%\certocm.log (Certocm.dll) Certificate Services Setup Compress them and use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file and then give me the download address. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for your reply; As I said, when I click the "Create And Submit Request To This CA" link, the mentioned error appears. I did as your instruction, but I cannot find the "certreq.log" file. The download link to other files is: http://cid-3a822dbb941c4298.skydrive.live.com/self.aspx/.Public/Export%20Log%20File.zip

Hi, Based on the log file, the "msPKI-Cert-Template-OID" attribute is missing under: CN=CAExchange,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=sh-bagheri,DC=org Open ADSIEDIT.MSC, navigate to above location, double-click CN=CAExchange, find "msPKI-Cert-Template-OID" and copy and paste the following value: 1.3.6.1.4.1.311.21.8.5195302.5360284.8471687.495223.12001752.46.1.26 Run the following command: net stop certsvc net start certsvc Try to test. Is there any progress? If not, run the following command: regsvr32 /i:i /n /s %windir%\system32\certcli.dll Restart CA service. Could we request certificate now? Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for your reply. I will test your instructions tomorrow and give you the result. Thanks -Reza