Go Back   TechArena Community > Technical Support > Computer Help > Windows Security
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Windows Server 2003 Ent. Certificate Services Webenroll

Windows Security


Reply
 
Thread Tools Search this Thread
  #1  
Old 18-10-2005
Member
 
Join Date: Aug 2006
Posts: 173
Windows Server 2003 Ent. Certificate Services Webenroll

I have a domain in which a Certificate Authority is set up and its an Enterprise Edition. I have got a CAproxy (webenrollment) set up as well in my DMZ. If I am trying to login to the caproxy with remote desktop and then try to do a http://caproxy/certsrv web enrollment then I can get a certificate but when I try to do the enrollment from same proxy on some another computer then I am getting the below error:

Your request failed. An error occurred while the server was processing your request.

Contact your administrator for further assistance.

Request Mode: newreq - New Request
Disposition: (never set)
Disposition message: (none)
Result: Access is denied. 0x80070005 (WIN32: 5)
COM Error Info: CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)
LastStatus: Access is denied. 0x80070005 (WIN32: 5)
Suggested Cause: The Certification Authority Service has not been started.

Can anyone tell me how to fix this problem. Thank you.

Reply With Quote
  #2  
Old 18-10-2005
Member
 
Join Date: Aug 2006
Posts: 173
Re: Windows Server 2003 Ent. Certificate Services Webenroll

Alright, after doing some more testing and researching I am coming to a conclusion that if I use a machine in the same domain as the CA servers then only I can get the certificates. But if I use a machine which is not in the same domain or in neither of the domain then I start to get the same error message discussed above. Is there any workaround for this problem?
Reply With Quote
  #3  
Old 19-10-2005
Member
 
Join Date: Jan 2006
Posts: 3,780
Can you try to check if there are any errors in the event log on the CA itself? I think that you will have to open a support incident with Microsoft's support services to get this problem resolved.
Reply With Quote
  #4  
Old 19-10-2005
Member
 
Join Date: Aug 2006
Posts: 173
Re: Windows Server 2003 Ent. Certificate Services Webenroll

No, there is nothing in the CA or CAproxy eventlog, the error is only on the enrollment pages or such. I am going to setup a virtual test environment to see if I can get it up on clean installations or not.
Reply With Quote
  #5  
Old 30-05-2008
Member
 
Join Date: Dec 2005
Posts: 134
Solution for this problem

You can try to solve this issue by stopping the IIS and open the metabase that you can find in c:\windows\system32\inetsrv\metabse.xml path and then open the file in Notepad. In the same file you will have to search for the string logonmethod and check that under those 3 virtual directories of the Web Enrollment the method is set to 2 or so. If it is then change all the 3 values to "3" and save the file, and it will then resemble the following:

</IIsWebVirtualDir>
<IIsWebVirtualDir Location ="/LM/W3SVC/1/ROOT/CertControl"
AccessFlags="AccessRead | AccessScript"
AuthFlags="AuthAnonymous"
LogonMethod="3"
Path="C:\WINDOWS\system32\CertSrv\CertControl"
>
</IIsWebVirtualDir>
<IIsWebVirtualDir Location ="/LM/W3SVC/1/ROOT/CertEnroll"
AccessFlags="AccessRead | AccessScript"
AuthFlags="AuthAnonymous"
LogonMethod="3"
Path="C:\WINDOWS\system32\CertSrv\CertEnroll"
>
</IIsWebVirtualDir>
<IIsWebVirtualDir Location ="/LM/W3SVC/1/ROOT/CertSrv"
AccessFlags="AccessRead | AccessScript"
AppFriendlyName=""
AppIsolated="0"
AppRoot="/LM/W3svc/1/ROOT/CertSrv"
AuthFlags="AuthAnonymous"
LogonMethod="3"
Path="C:\WINDOWS\system32\CertSrv"

Last edited by FReakMaster : 29-10-2012 at 01:56 PM. Reason: More information
Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Security
Tags: ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Windows Server 2003 Ent. Certificate Services Webenroll"
Thread Thread Starter Forum Replies Last Post
Windows 2003 Server CA Problem and Automatic certificate enrollment pac0124 Windows Server Help 5 16-08-2011 12:50 PM
Server Windows 2003 problems after reboot (terminal server, network,services, storage errors) Michael Halupek Windows Server Help 1 06-04-2010 09:36 PM
Install terminal services on Windows Server 2003 Computer_Freak Tips & Tweaks 0 27-03-2009 11:12 PM
Windows 2008 CA can't issue certificate to Windows 2003 server WarRen! Windows Security 1 27-06-2008 01:28 AM
Use Windows 2003 CA to create a web server certificate with alternative DNS names maketu Windows Security 1 09-06-2007 02:28 PM


All times are GMT +5.5. The time now is 02:27 AM.