Microsoft KB Archive/271861

= Windows cannot find a certification authority that processes the request =

Article ID: 271861

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Datacenter Server

-



This article was previously published under Q271861



SYMPTOMS
When a domain user from a Microsoft Windows 2000 child domain tries to request a user certificate by using the Microsoft Management Console (MMC) Certificates snap-in, the domain user receives the following error message:

Certificate Request Wizard

Windows cannot find a certification authority that will process the request.

If the request is made by using a Microsoft Internet Explorer browser, the domain user receives the following error message:

Certificate Request Denied

Your certificate request was denied

Contact your administrator for further information.



CAUSE
The Domain Users group on the child domain does not have the right to enroll a user template.



RESOLUTION
To resolve this issue, follow these steps:
 * 1) From a domain controller in the child domain, log on to the parent domain with a user account that has membership in the Enterprise Admins group.
 * 2) Click Start, click Programs, click Administrative Tools, and then click the Active Directory Sites and Services snap-in.
 * 3) In MMC, right-click the Active Directory Sites and Services snap-in, click View, and then click Show Services Mode. This allows you to view the Services folder, which is hidden from view by default.
 * 4) From the Active Directory Sites and Services snap-in, click Services, click Public Key Services, and then click Certificate Templates. This reveals the complete list of published certificate templates in Active Directory.
 * 5) Double-click the User certificate template to view the properties.
 * 6) On the Security tab, click Add to add the Domain Users group of the child domain to the list.
 * 7) For the Domain Users (CHILDDOMAINNAME\Domain Users) group, select the Read and Enroll rights.
 * 8) Restart the computer.



MORE INFORMATION
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

279780 Error message: Windows cannot find a certification authority that will process this request

Keywords: kbcertservices kbprb KB271861

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.