Microsoft KB Archive/246488

= Error Message: "Access Is Denied" When Non-Windows 2000 Clients Try to Access Certificate Templates =

Article ID: 246488

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Datacenter Server

-



This article was previously published under Q246488



SYMPTOMS
When a non-Windows 2000 client (for example, all Windows 9x and Windows NT clients) tries to enroll over the Internet with an Enterprise certification authority (CA) server, the following error message may be displayed:

Access is Denied.



CAUSE
This behavior occurs because non-Windows 2000 clients (that is, Windows 95, Windows 98, and Windows NT 4.0) do not support the Kerberos 5 authentication protocol, so they cannot enroll with an Enterprise CA unless the CA and Web server are hosted on the same computer as the domain controller.



MORE INFORMATION
The Web server must be able to read the list of certificate templates stored in the Active Directory on behalf of the client, and doing so requires support for delegation, which is available only using the Kerbeors protocol.

Keywords: kbprb KB246488

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.