RE: [ActiveDir] CertSvc Error

[Bernard, Aric]

In the default domain controllers policy (or an alternate policy if you have left this one intact), look at the following: Public Key Policies/Autoenrollment Settings Public Key Policies/Automatic Certificate Request Settings   Keep in mind that this could be set in any policy that affects the DC in question.     Also, and I forgot to ask previously, do you want to your DCs to have certs?  While not mandatory, in the near term you will find that more services, applications, etc. will become dependent on certs and therefore it is a good idea to become intimately involved with PKIs and how the interoperate inside and outside of your organization.     HTH   Aric   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Thursday, November 10, 2005 10:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] CertSvc Error   Where exactly is this setting in the DDC policy?  All I have enabled is this:   Policy Setting Microsoft network server: Digitally sign communications (if client agrees) Enabled     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, November 10, 2005 12:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] CertSvc Error   The “DomainController(v0.0): V1 Certificate Template” is not supported under Windows Server 2003.  You may be specifying that your DCs autoenroll for this certificate via GPO.  Check out your DDC GPO.  The new policy they should be autoenrolling for is “Domain Controller Authentication”.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Thursday, November 10, 2005 9:11 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] CertSvc Error   It was a Windows 2000 upgraded to Windows 2003   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Thursday, November 10, 2005 12:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] CertSvc Error   Is your CA on Windows Server 2003 in a Windows 2000 domain?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Thursday, November 10, 2005 11:44 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] CertSvc Error I keep getting these errors on my root domain controller and any new DC’s added are not being issued certificates.   Event Type:       Warning Event Source:    CertSvc Event Category: None Event ID:           77 Date:                11/10/2005 Time:                3:00:36 AM User:                N/A Computer:         SWSAD1 Description: The "Windows default" Policy Module logged the following warning: The DomainController(v0.0): V1 Certificate Template could not be loaded.  Element not found. 0x80070490 (WIN32: 1168).   Event Type:       Warning Event Source:    CertSvc Event Category: None Event ID:           53 Date:                11/10/2005 Time:                3:00:36 AM User:                N/A Computer:         SWSAD1 Description: Certificate Services denied request 1242 because The requested certificate template is not supported by this CA. 0x80094800 (-2146875392).  The request was for SWSGS\BSGAD1$.  Additional information: Denied by Policy Module  0x80094800, The request was for a certificate template that is not supported by the Certificate Services policy: DomainController.   I looked at the following MS article but saw no resolution. http://support.microsoft.com/default.aspx?scid=kb;en-us;283218   Devon Harding Windows Systems Engineer Southern Wine & Spirits - BSG 954-602-2469   __________________________________ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You.