Windows 2008 R2 Enterprise, custom certificate request, no templates available via certificate authority MMC snap-in
Hello,
Our problem is: no templates are available via the certificate authority MMC snap-in.
The Enterprise CA is Windows 2008 R2.
The client computer trying to get a Computer certificate for client and server authentication purposes is Windows 2008 R2 Enterprise, already joined to the domain and currently logged on with a domain admins account. From the certificate authority MMC snap-in > custom request screen, only "(No template) CNG key" and "(No template) Legacy key" are visible in the drop-down box.
I have already tried to duplicate the Computer certificate template and publish it, and tried gpupdate /force from the client computer; this did not resolve the issue. Any ideas what is wrong? Or any suggestions to resolve the issue? thx
March 28th, 2012 3:56pm
In order to request computer certificates, you need to run the Certificates MMC snap-in in a computer context. Run a blank MMC console, add the Certificates snap-in and switch the option to the Computer account context.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
March 29th, 2012 1:14am
Sorry, let me rephrase: I did run the blank MMC console and then add the Certificates snap-in, but still no templates are visible; steps below:
From client computer> Start > Run > MMC
File >Add/Remove snap-in > Certificates > Computer Account > Local computer > Finish.
Expand Certificates tree > Personal > All Tasks > Advanced Operation > Create Custom Request > Next > Custom Request > Next ---> at this point no templates are visible.
April 3rd, 2012 6:21pm
Make sure the computer account has been granted Read and Enroll permissions on the template.
April 4th, 2012 1:28am
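One way to check the Read and Enroll permissions mentioned in the reply above, as an added example that is not part of the original thread. The template name `ComputerCopy` and the principal names are placeholders for your own values; the GUID is the Certificate-Enrollment extended right in Active Directory.

```powershell
# Added example (not from the thread): list whether named principals hold
# Read and Enroll on a certificate template object in AD.
# Assumptions: run on a domain-joined machine; 'ComputerCopy' and the
# principal names are placeholders. Works on PowerShell 2.0 (Windows 2008 R2).
param(
    [string]$TemplateName = 'ComputerCopy',
    [string[]]$Principals = @('Domain Computers', 'Authenticated Users')
)

$enroll = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment
$adr    = [System.DirectoryServices.ActiveDirectoryRights]

# Templates live in the forest-wide Configuration naming context.
$rootDse  = [adsi]'LDAP://RootDSE'
$configNc = $rootDse.psbase.Properties['configurationNamingContext'].Value
$path = "LDAP://CN=$TemplateName,CN=Certificate Templates," +
        "CN=Public Key Services,CN=Services,$configNc"

if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
    throw "Template '$TemplateName' not found under $configNc"
}

$template = [adsi]$path
$rules = $template.psbase.ObjectSecurity.GetAccessRules(
    $true, $true, [System.Security.Principal.NTAccount])

foreach ($p in $Principals) {
    # Match on the account name after the DOMAIN\ prefix.
    $mine  = @($rules | Where-Object { $_.IdentityReference.Value.Split('\')[-1] -eq $p })
    $allow = @($mine | Where-Object { $_.AccessControlType -eq 'Allow' })
    $deny  = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' })

    $canRead = @($allow | Where-Object {
        $_.ActiveDirectoryRights -band $adr::ReadProperty }).Count -gt 0

    # Enroll is an extended right: either the specific GUID or "all extended rights".
    $canEnroll = @($allow | Where-Object {
        ($_.ActiveDirectoryRights -band $adr::ExtendedRight) -and
        ($_.ObjectType -eq $enroll -or $_.ObjectType -eq [guid]::Empty) }).Count -gt 0

    New-Object psobject -Property @{
        Principal = $p; Read = $canRead; Enroll = $canEnroll; DenyEntries = $deny.Count
    } | Select-Object Principal, Read, Enroll, DenyEntries
}
```

The script only evaluates the principals you name, so list every group the computer account belongs to; a template is hidden from the enrollment wizard when none of them grants both rights.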
Vadims,
One more question on this topic: can domain users (not domain admins) request a Computer certificate?
thx
April 12th, 2012 3:55pm
Via MMC no, they can't. Computer certificate enrollment requires local administrator permissions.
April 13th, 2012 1:31am