"Brian Komar" wrote:
[Quoted Text] > On Tue, 10 Jul 2007 14:46:01 -0700, James Small wrote: > > > Hello, > > > > I have a Windows Server 2003 R2 Enterprise system setup with AD and as a CA. > > It also has IIS installed for Web Enrollment. However, even from the system > > itself, when I go to http://localhost/certsrv, request a certificate, > > advanced certificate request, submit a certificate request by using... the > > only templates I have available for enrollment are Basic EFS and User. I am > > logged in as a full blown administrator so I don't believe it's a permissions > > problem. I checked in AD Sites and Services and Enrollment permissions > > appear to be available for all the templates to Domain/Enterprise Admins. > > > > Is there something different with R2 Enterprise versus standard 2003 > > Enterprise for PKI? > > > > Any suggestions on how to troubleshoot? > > > > Thanks, > > --Jim > > Did you run Certsrv.msc (Certification Authority) and check what > certificate templates are available at the CA > Brian >
Hi Brian,
Small world - I'm actually reading through your 2003 PKI book right now!
Thanks for writing it - PKI is very complex (at least for me) and this really
helps.
In any case, I did look and the particular template (Web Server) and it is
there. I'm comparing this server (R2 Enterprise) to another one (2003
Enterprise) and I'm not sure what's different. The 2003 Server works as I'd
expect. The R2 server only shows Basic EFS and User templates even though
there are quite a few more listed.
The only thing I can think of that's different is that the R2 server had
Sharepoint installed - I removed it as it seemed to cause problems with IIS
related services (probably because I just don't understand it well enough).
Any other thoughts on why the (Web Server) templates wouldn't be available
from Web Based enrollment?
Thanks,
--Jim
PS Please consider writing an updated PKI book for Server 2008! :-)
|