Results 1 to 5 of 5

Thread: Windows Server 2003 Ent. Certificate Services Webenroll

  1. #1
    Join Date
    Aug 2006
    Posts
    173

    Windows Server 2003 Ent. Certificate Services Webenroll

    I have a domain in which a Certificate Authority is set up and its an Enterprise Edition. I have got a CAproxy (webenrollment) set up as well in my DMZ. If I am trying to login to the caproxy with remote desktop and then try to do a http://caproxy/certsrv web enrollment then I can get a certificate but when I try to do the enrollment from same proxy on some another computer then I am getting the below error:

    Your request failed. An error occurred while the server was processing your request.

    Contact your administrator for further assistance.

    Request Mode: newreq - New Request
    Disposition: (never set)
    Disposition message: (none)
    Result: Access is denied. 0x80070005 (WIN32: 5)
    COM Error Info: CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)
    LastStatus: Access is denied. 0x80070005 (WIN32: 5)
    Suggested Cause: The Certification Authority Service has not been started.

    Can anyone tell me how to fix this problem. Thank you.

  2. #2
    Join Date
    Aug 2006
    Posts
    173

    Re: Windows Server 2003 Ent. Certificate Services Webenroll

    Alright, after doing some more testing and researching I am coming to a conclusion that if I use a machine in the same domain as the CA servers then only I can get the certificates. But if I use a machine which is not in the same domain or in neither of the domain then I start to get the same error message discussed above. Is there any workaround for this problem?

  3. #3
    Join Date
    Jan 2006
    Posts
    3,798
    Can you try to check if there are any errors in the event log on the CA itself? I think that you will have to open a support incident with Microsoft's support services to get this problem resolved.

  4. #4
    Join Date
    Aug 2006
    Posts
    173

    Re: Windows Server 2003 Ent. Certificate Services Webenroll

    No, there is nothing in the CA or CAproxy eventlog, the error is only on the enrollment pages or such. I am going to setup a virtual test environment to see if I can get it up on clean installations or not.

  5. #5
    Join Date
    Dec 2005
    Posts
    134

    Solution for this problem

    You can try to solve this issue by stopping the IIS and open the metabase that you can find in c:\windows\system32\inetsrv\metabse.xml path and then open the file in Notepad. In the same file you will have to search for the string logonmethod and check that under those 3 virtual directories of the Web Enrollment the method is set to 2 or so. If it is then change all the 3 values to "3" and save the file, and it will then resemble the following:

    </IIsWebVirtualDir>
    <IIsWebVirtualDir Location ="/LM/W3SVC/1/ROOT/CertControl"
    AccessFlags="AccessRead | AccessScript"
    AuthFlags="AuthAnonymous"
    LogonMethod="3"
    Path="C:\WINDOWS\system32\CertSrv\CertControl"
    >
    </IIsWebVirtualDir>
    <IIsWebVirtualDir Location ="/LM/W3SVC/1/ROOT/CertEnroll"
    AccessFlags="AccessRead | AccessScript"
    AuthFlags="AuthAnonymous"
    LogonMethod="3"
    Path="C:\WINDOWS\system32\CertSrv\CertEnroll"
    >
    </IIsWebVirtualDir>
    <IIsWebVirtualDir Location ="/LM/W3SVC/1/ROOT/CertSrv"
    AccessFlags="AccessRead | AccessScript"
    AppFriendlyName=""
    AppIsolated="0"
    AppRoot="/LM/W3svc/1/ROOT/CertSrv"
    AuthFlags="AuthAnonymous"
    LogonMethod="3"
    Path="C:\WINDOWS\system32\CertSrv"
    Last edited by FReakMaster; 29-10-2012 at 01:56 PM. Reason: More information

Similar Threads

  1. Replies: 5
    Last Post: 16-08-2011, 12:50 PM
  2. Replies: 1
    Last Post: 06-04-2010, 09:36 PM
  3. Install terminal services on Windows Server 2003
    By Computer_Freak in forum Tips & Tweaks
    Replies: 0
    Last Post: 27-03-2009, 11:12 PM
  4. Replies: 1
    Last Post: 27-06-2008, 01:28 AM
  5. Replies: 1
    Last Post: 09-06-2007, 02:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •