Problems with AD CS on 2008 R2
We have installed a 2008 R2 server as a CA in our domain, and are having problems issuing certificates to our 2003 domain controllers.
The root certificate is fine, everyone gets it. But the computer certificate for domain controllers is a whole other story.
On our 2008 domain controllers, I can use the wizard when adding certificates in MMC, and request from there. Then the certificate for the DC is issued correctly, and placed correctly.
But this option does not work on our 2003 domain controllers; I get the error:
The wizard cannot be started because of one or more of the following reasons:
- There are no trusted certification authorities (CAs) available.
- You do not have the permissions to request certificates from the available CAs.
- The available CAs issue certificates for which you do not have permission.
I have checked everything I can think of, and can't find anything wrong. Besides, would I not get the same error on our 2008 DCs if there weren't any CAs available or there was something wrong with the permissions?
If I use Web enrollment, it doesn't work at all, on both 2008 and 2003. I can create a certificate request, and select "domain controller" for the template. But the thing puts the certificate in the personal user store, not in the computer store. And the static information when looking at the details for the certificate is different than the certificate that was issued to a 2008 DC with the wizard. It's like the server issues different certificates through different templates, when all I'm using is the default template.
Excuse me for sounding like a total newbie at this, but I am. I just got this task thrown at me, with the order to make it work, because no one else dared to touch our old CA, which was failing. Only problem is that my level of skill in this particular field is more or less none :p
Please ask if you are wondering about anything, and I'll try to provide as much information as possible. I am desperate to make this work!