Microsoft KB Archive/298489

= Automatic Certificate Request for Internet Protocol Security May Not Distribute Certificate =

Article ID: 298489

Article Last Modified on 3/2/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

-



This article was previously published under Q298489



SYMPTOMS
After you create an automatic certificate request Group Policy for Internet Protocol security (IPSec), computers may not receive an IPSec certificate, even though the policy has been applied.



CAUSE
This issue can occur if a corresponding IPSec certificate template has not been created at the enterprise certification authority (CA).



RESOLUTION
To resolve this issue, create an IPSec certificate template at the enterprise CA:
 * 1) Start the Certification Authority Microsoft Management Console (MMC) snap-in that is located in the Administration Tools folder on the enterprise CA.
 * 2) Right-click Certificate Templates, and then New - Certificate Template to Issue.
 * 3) Click the IPSEC template, and then click OK.

NOTE: Computers do not receive the IPSec certificate until the next Group Policy refresh interval. To force an immediate policy refresh, you can use the gpupdate command.



STATUS
This behavior is by design.

Keywords: kbenv kbnetwork kbprb KB298489

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.