Microsoft KB Archive/283218

= A Certification Authority cannot use a certificate template =

Article ID: 283218

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition

-



This article was previously published under Q283218



SUMMARY
When Certificate Services starts on a Certification Authority (CA), a certificate template is unable to load and certificate requests are unsuccessful using the same template.



MORE INFORMATION
The behavior can occur because the Authenticated Users group is removed from the template's access control list (ACL). The Authenticated Users group is on a template ACL, by default. (The CA itself is included in this group.) If the Authenticated Users group is removed, the (enterprise) CA itself can no longer read the template in the Active Directory, and therefore, certificate requests can be unsuccessful.

If an administrator wants to remove the Authenticated Users group, each and every CA's computer account must be added to the template ACLs and set to Read.

If authenticated users have been removed from the ACLs of a template, the following errors may be observed when the CA starts and when a certificate is requested against the template.

Errors Observed When Enrollment Is Unsuccessful:
 For the client:

Enrollment by means of a Web page:

Certificate Request Denied

Your certificate request was denied.

Contact your administrator for further information.

Enrollment by means of the Microsoft Management Console (MMC):

Certificate Request Wizard:

The certification authority denied the request. Unspecified error.

 For the CA:

Event Type: Warning Event Source:  CertSvc Event Category: None Event ID:        53 Date:      08/14/2000 Time:      05:13:33 User:      N/A Computer:        MUSGRAVE Description: Certificate Services denied request 9 because the requested certificate template is not supported by this CA. 0x80094800 (-2146875392). The request was for TED\administrator. Additional information: Denied by Policy Module. The request was for certificate template that is not supported by the Certificate Services policy.



Error on CA When Certificate Services Starts
Event Type: Error Event Source:  CertSvc Event Category: None Event ID:        78 Date:      08/14/2000 Time:      05:13:12 User:      N/A Computer:        MUSGRAVE Description: The &quot;Enterprise and Stand-alone Policy Module&quot; Policy Module logged the following error: The Certificate Template could not be loaded. Element not found. 0x80070490 (WIN32: 1168).

Keywords: kberrmsg kbinfo KB283218

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.