Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 283218 - Last Review: December 3, 2007 - Revision: 7.5
A Certification Authority cannot use a certificate template
This article was previously published under Q283218
When Certificate Services starts on a Certification
Authority (CA), a certificate template is unable to load and certificate
requests are unsuccessful using the same template.
The behavior can occur because the Authenticated Users
group is removed from the template's access control list (ACL). The
Authenticated Users group is on a template ACL, by default. (The CA itself is
included in this group.) If the Authenticated Users group is removed, the
(enterprise) CA itself can no longer read the template in the Active Directory,
and therefore, certificate requests can be unsuccessful.
If an
administrator wants to remove the Authenticated Users group, each and every
CA's computer account must be added to the template ACLs and set to
Read.
If authenticated users have been removed from the ACLs of a
template, the following errors may be observed when the CA starts and when a
certificate is requested against the template.
Errors Observed When Enrollment Is Unsuccessful:
- For the client:
Enrollment by means of a Web
page: Certificate Request Denied
Your
certificate request was denied.
Contact your administrator for
further information.
Certificate Request Wizard:
The
certification authority denied the request. Unspecified error.
- For the CA:
Event Type: Warning
Event Source: CertSvc
Event Category: None
Event ID: 53
Date: 08/14/2000
Time: 05:13:33
User: N/A
Computer: MUSGRAVE
Description:
Certificate Services denied request 9 because the requested certificate
template is not supported by this CA. 0x80094800 (-2146875392). The
request was for TED\administrator. Additional information: Denied by
Policy Module. The request was for certificate template (<template name>)
that is not supported by the Certificate Services policy.
Error on CA When Certificate Services Starts
Event Type: Error
Event Source: CertSvc
Event Category: None
Event ID: 78
Date: 08/14/2000
Time: 05:13:12
User: N/A
Computer: MUSGRAVE
Description:
The "Enterprise and Stand-alone Policy Module" Policy Module logged the
following error: The <template name> Certificate Template could not be
loaded. Element not found. 0x80070490 (WIN32: 1168).
APPLIES TO
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Small Business Server 2003 Premium Edition
- Microsoft Windows Small Business Server 2003 Standard Edition
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate