Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

(281260) - When you try to enroll for a certificate against an enterprise certification authority (CA), you may receive one of the following error messages: Web enrollment: Certificate Request Denied Your certificate request was denied. Contact your...

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 281260 - Last Review: December 3, 2007 - Revision: 7.5

A Certificate Request That Uses a New Template Is Unsuccessful

View products that this article applies to.
System TipThis article applies to a different version of Windows than the one you are using. Content in this article may not be relevant to you. Visit the Windows Vista Solution Center
This article was previously published under Q281260
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986  (http://kbalertz.com/Feedback.aspx?kbNumber=256986/EN-US/ ) Description of the Microsoft Windows Registry

SYMPTOMS

When you try to enroll for a certificate against an enterprise certification authority (CA), you may receive one of the following error messages:

Web enrollment:
Certificate Request Denied

Your certificate request was denied.

Contact your administrator for further information.

Certificate Request Wizard:
The certification authority denied your request. Unspecified error.
Back to the top

CAUSE

This behavior may occur if the certificate enrollment request is using a recently-created certificate template. When a new template is added to the CA, the
HKEY_CURRENT_USER
cache is immediately updated but the
HKEY_LOCAL_MACHINE
cache is not immediately updated. The
HKEY_LOCAL_ MACHINE
cache is updated in the next 15 minutes if the CA or the domain controller are on the same computer, and in the next 10 minutes if the CA or the domain controller are in a distributed configuration.
Back to the top

RESOLUTION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this behavior, if you cannot wait for the applicable length of time, you can manually update the certificate template cache. The cache for computer certificates is in
HKEY_LOCAL_MACHINE
and the cache for user certificates is in
HKEY_CURRENT_USER
.
  • To force the cache update for a user certificate request, delete the following registry value from the client:
    HKEY_CURRENT_USER\Software\Microsoft\Cryptography\CertificateTemplateCache\Timestamp
To force the cache update for a computer certificate request:
  1. Delete the following registry value from the client:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\CertificateTemplateCache\Timestamp
  2. Delete the following registry value from the CA:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\CertificateTemplateCache\Timestamp
  3. Restart the Certificate Services on the CA.
Back to the top

MORE INFORMATION

In addition to the preceding error message, the CA logs the following event message in the program log:

Event Type: Warning
Event Source: CertSvc
Event Category: None
Event ID: 53
Date: 08/14/2000
Time: 05:13:00
User: N/A
Computer: computername
Description:
Certificate Services denied request 4 because the requested certificate template is not supported by this CA. 0x80094800 (-2146875392). The request was for domain\user. Additional information: Denied by Policy Module

Back to the top
APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Small Business Server 2003 Premium Edition
  • Microsoft Windows Small Business Server 2003 Standard Edition
Back to the top
Keywords: 
kberrmsg kbprb KB281260
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting