Windows 2008 CA and XP smart card enrollment station
Hi all, I have a windows 2008 enterprise CA and would like to issue smart cards from a XP enrollment station. as per http://technet2.microsoft.com/windowsserver2008/en/library/c47e0d48-abeb-493e-a9f1-19bba1537ba51033.mspx?mfr=true im aware that certain functionailty has been removed, which allows me to use the web interface to enroll on behalf of another user. (which has been moved into the mmc for vista/2008) so, the upshot of all this - how am i meant to enroll another user from an XP enrollment workstation? i get the feeling that the answer to this is "i cant, use vista" - which is not good. can anyone confirm this, or hopefully confirm that there is a way to enroll from XP ?
April 25th, 2008 3:03am

Hello Ben, From my understanding, for the replacement of previous enrollment control "XEnroll.dll" you encounter a problem of certificate enrollment on the Windows Server 2008 from Windows Server 2003 (Windows XP) web enrollment page. Up to now, there is workaround hotfix of updating the web enrollment page on the Windows Server 2003 (Windows XP) to make it compatible to both Windows Server 2003 (Windows XP) and Windows Server 2008 (Windows Vista). Microsoft KB article that contains that hotfix: How to use Certificate Services Web enrollment pages together with Windows Vista or Windows Server 2008 http://support.microsoft.com/?kbid=922706 Hope it helps.
Free Windows Admin Tool Kit Click here and download it now
April 29th, 2008 1:27pm

Hi Miles, close, but no, the other way around. Im using a 2008 CA and want to enroll certificates for another useron an XP machine... the fucntionality to enroll certificates on behalf of another user has been removed from 2008 certsrvweb pages, as it has been moved into the mmc for vista/2008. This effectively means that if your using a 2008 CA, you cant enroll smartcards from an XP enrollment station. This seems a bit silly, so i was hoping there was a work-around or i have mis-understood.
April 30th, 2008 3:03am

Hello Ben, Yes, because the enrollment agent capability is removed from Web enrollment in Windows Server2008, you have to use a Windows Server2003based server with Web enrollment installed and use that server as an enrollment agent to enroll certificates through a Windows Server2008based CA for Windows XP smart card enrollment station. For manually install Web enrollment support, you may refer to: Set up certification authority Web enrollment support http://technet2.microsoft.com/windowsserver/en/library/cfbba99f-9473-4598-9037-7867127c058f1033.mspx Hope it helps.
Free Windows Admin Tool Kit Click here and download it now
April 30th, 2008 1:48pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics