Guest RAZ
Posted March 4, 2008

We have a small domain with two Win2K3 servers. My so-called PDC is our Certificate Authority. This server is Standard edition. My other domain controller is receiving autoenrollment events in the event viewer with the following message:

"Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied."

The second domain controller is Win2K3 Enterprise edition. I tried installing a new smart card certificate template but learned I can't do that with the PDC because it is Standard edition, which won't allow V2 template creation.

How can I solve this issue? Is it wise to have more than one certificate authority on a small domain?

Guest andy webb
Posted March 4, 2008

Re: Certificate Template Creation

What I would do is this:

1. Tear down the CA you have on the domain controller.
2. On your Enterprise server, install Virtual Server, then build a VM running Enterprise (you are licensed for up to 4!) to be your standalone, offline root CA.
3. Copy that VM once all patched and happy and run sysprep on it to create a second VM to be your Enterprise CA. Configure it to integrate with AD and publish CRLs and AIA to AD.
4. Create your certificate template on the Enterprise CA.

"RAZ" <RAZ@discussions.microsoft.com> wrote in message news:87679F36-478C-4C06-A4E6-2D1BC59F4AD8@microsoft.com...
> We have a small domain with two Win2K3 servers. My so-called PDC is our
> Certificate Authority. This server is Standard edition. My other domain
> controller is receiving autoenrollment events in the event viewer with the
> following message:
> "Automatic certificate enrollment for local system failed to enroll for one
> Domain Controller certificate (0x80070005). Access is denied."
> The second domain controller is Win2K3 Enterprise edition. I tried
> installing a new smart card certificate template but learned I can't do that
> with the PDC because it is Standard edition, which won't allow V2 template
> creation.
> How can I solve this issue? Is it wise to have more than one certificate
> authority on a small domain?