Microsoft KB Archive/171140

= Permission Denied During Certificate Creation =

Article ID: 171140

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Certificate Server 1.0
 * Microsoft Internet Information Server 3.0

-



This article was previously published under Q171140



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
When you try to create a client certificate for Microsoft Internet Explorer through the Microsoft Internet Explorer Enrollment Form, you may get an error message similar to the following:

Microsoft VBScript runtime error '800a0046'

Permission denied

/CertSrv/CertEnroll/ceaccept.asp, line 10



CAUSE
The IUSR_computername account does not have access to the Certificate Server shared folder.



RESOLUTION
Give the IUSR_computername account Read access to the shared folder, and the certificates will be issued properly.



MORE INFORMATION
If the anonymous account (or logged-in user) does not have at least Read access to the Well Known Directory, the certificate generation process will fail. An error message will be returned, formatted as an HTML document.

The Well Known Directory is the name given to the shared folder required by the Certificate Server Setup program. This share contains information specific to the Self-Signed Certificate (Root CA).

Keywords: kberrmsg kbother kbprb KB171140

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.