Our company is currently putzing around with the idea of using Smart Card readers for authentication in some of our more mission-critical labs. I think I've got the necessary GPOs ready, but I'm having a bit of trouble rolling out our certificate server.
I've got a CA set up on our test server and it does seem to be serving "automatic" requests properly (domain controllers, etc.) but I can't manually enroll any users. Every time they try to load any request page from the CA request site, the following error occurs: "The proper version of the ActiveX control failed to download and install. You may not have sufficient permissions. Please ask your system administrator for assistance."
The CertSrv is a Windows Server 2003 Standard Edition server with all applicable patches installed. The test machines are XP SP1 machines with all applicable patches installed. I've tried turning IE Security and Privacy to the lowest applicable settings and have added the CertSrv to the "Trusted Sites" list per KB330211, all to no avail. At the moment, this is not an SSL site (though it will be).
I know this must be something *really* simple that I'm merely overlooking, but I've spent the last several hours digging through Microsoft's support site, search engines, and Microsoft-related newsgroups. The only thing I can do to "bypass" the problem is to manually download and install "xenroll.dll," which really isn't going to be an acceptable enterprise-wide solution. Could this be a setting in a GPO that I'm overlooking?
If you folks have any ideas, I'd be much obliged.
-James R. Rogers