Our company is currently putzing around with the idea of using Smart Card readers for authentication in some of our more mission-critical labs. I think I've got the necessary GPOs ready, but I'm having a bit of trouble rolling out our certificate server.
I've got a CA set up on our test server and it does seem to be serving
"automatic" requests properly (domain controllers, etc.) but I can't
manually enroll any users. Every time they try to load any request page
from the CA request site, the following error occurs:
"The proper version of the ActiveX control failed to download and
install. You may not have sufficient permissions. Please ask your
system administrator for assistance."
The CertSrv is a Windows Server 2003 Standard Edition server with all
applicable patches installed. The test machines are XP SP1 machines with
all applicable patches installed.
I've tried turning IE Security and Privacy to the lowest applicable settings
and have added the CertSrv to the "Trusted Sites" list per KB330211, all to
no avail. At the moment, this is not an SSL site (though it will be).
I know this must be something *really* simple that I'm merely overlooking,
but I've spent the last several hours digging through Microsoft's support
site, search engines, and Microsoft-related newsgroups. The only thing I
can do to "bypass" the problem is to manually download and install
"xenroll.dll," which really isn't going to be an acceptable enterprise-wide
solution. Could this be a setting in a GPO that I'm overlooking? If you
folks have any ideas, I'd be much obliged.
-James R. Rogers
smime.p7s
Description: S/MIME cryptographic signature
