From: "Charles Yang [MSFT]" on
HI PG,

It should be a so wired issue, if the issue is urgent it is your best
interest to call CSS for supporter. I have also made research on this issue
and also get some steps which might be helpful to you:

1. Make the certutil command that is part of Windows Server 2003 server
available to your client computer.
2. Make sure that you are able to reach an enterprise CA. Calling certutil
-dump shows all Enterprise CAs in your forest. You can also try to ping a
specific CA with certutil -config [Machine\CAName] -ping
Replace [Machine\CAName] with the "Config:" row from the certutil -dump
output.
3. To verify template permissions, run the following command at your
client: certutil -config [Machine\CAName] -catemplates
The command-output shows a list of certificate templates that are attached
to a specific CA. Make sure that you have at least for one certificate
permissions.
4. Make sure that at least one of the certificate templates where you have
enrollment permissions has set the option "Supply in the request" in the
certificates template Subject Name tab. If you have permissions on a
certificate but the Subject name is not built from Active Directory, your
certificate request will fail.
5. Your client might not be able to verify the CA certificates validity. To
check the CA certificate you must make the CA certificate available to your
client computer. Perform the following command at your client:
certutil -verify -URLfetch [CAcertificate]

Replace CAcertificate with the filename of the CA certificate. Make sure
that the CA certificate is verified successfully.

Then try to repeat your steps to see if the issue can be clear, in addition
please also make sure that your Enterprise AD did not belong to domain
guest member group.

Hope the above information helpful. I am sorry for any inconvenience on
this issue.



Best regards,

Charles Yang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "PG" <*@*.*>
| References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
<tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
<OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
<biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
<#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
<MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
<u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
<AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
<#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
<34gfuxBwFHA.2960(a)TK2MSFTNGXA01.phx.gbl>
<Hlv7FVCwFHA.580(a)TK2MSFTNGXA01.phx.gbl>
<Oi6nhtCwFHA.552(a)TK2MSFTNGP12.phx.gbl>
<hCBwZJjwFHA.3244(a)TK2MSFTNGXA01.phx.gbl>
| Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| Date: Tue, 27 Sep 2005 08:52:36 +0100
| Lines: 1415
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Message-ID: <uTRYvizwFHA.2076(a)TK2MSFTNGP14.phx.gbl>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: 62.48.233.71
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:156751
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Charles,
|
| Yes all the grey templates have permission issues. I cant add, or change
the
| permissions for those templates.
|
| And all my efforts where made has enterprise admin, to try and clear the
| "access denied" problem... :(
|
| I really don't understand what went wrong with this Certification
Authority.
|
| :(
|
| ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com> wrote in message
| news:hCBwZJjwFHA.3244(a)TK2MSFTNGXA01.phx.gbl...
| > HI PG,
| >
| > From your description, it seems a lot of template has the permission
| > issue?
| > Can I assume that all the permission of this grey template encountered
the
| > same issue when you try to change the permission and the permission the
| > security section is not correct as I referred to?
| >
| > If so, I suggest you make sure that you logon the SBS server with
| > Enterprise Admin, it seems to be the permission issue, if possible
please
| > make sure that you logon via Built-in Enterprise Admin to see if the
| > problem can be cleared,
| >
| > Thanks for your effort.
| >
| >
| >
| > Best regards,
| >
| > Charles Yang (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
| > the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from your issue.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| > --------------------
| > | From: "PG" <*@*.*>
| > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
| > <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
| > <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
| > <AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
| > <#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
| > <34gfuxBwFHA.2960(a)TK2MSFTNGXA01.phx.gbl>
| > <Hlv7FVCwFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| > | Date: Fri, 23 Sep 2005 11:39:53 +0100
| > | Lines: 1168
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | Message-ID: <Oi6nhtCwFHA.552(a)TK2MSFTNGP12.phx.gbl>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: 62.48.233.71
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:155851
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hi Charles,
| > |
| > | I went to DCOMCNFG and on the Launch permission it was empty, and I
| > added
| > | Everyone with (Launch permission---Allow)
| > | and in the Access permission it is everyone (Access
permission---Allow),
| > so
| > | I didn't have to change it.
| > | Could not find anything that refered to (Local Activation Remote
| > Activation)
| > | or (Local Access Remote Access) as you sayd. Only (Launch Permission)
| > and
| > | (Access Permission).
| > |
| > | After applying the changes to DCOM I tryed to request a certificate,
and
| > the
| > | same error ocurred. Duplicated a Template and still the same error. :(
| > | "No certificate templates could be found. You do not have permission
to
| > | request a certificate from this CA,or an error occurred while
accessing
| > the
| > | Active Directory."
| > |
| > | In response to your question, all the certificates templates, from the
| > | pictures I sent you, that are greyd out have permissions issues, and
| > don't
| > | let me add or change permissions for those certificates.
| > |
| > | :(
| > |
| > |
| > | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com> wrote in
message
| > | news:Hlv7FVCwFHA.580(a)TK2MSFTNGXA01.phx.gbl...
| > | > HI PG,
| > | >
| > | > Thanks for updates.
| > | >
| > | > After making research, I find solutions for you, please refer to the
| > steps
| > | > below:
| > | >
| > | > 1 Open DCOMCNFG
| > | > 2- Select Componect Services
| > | > ---Computers
| > | > ----My Computer
| > | > ------Dcom Config
| > | > ---- CertSrv Request
| > | > 3- Open properties and verify Security permission for Launch and
| > | > Activation
| > | > Permissions (Should be Customize --Everyone ---Local Activation
Remote
| > | > Activation)
| > | >
| > | > Access Permissions (Should be Customize -Everyone ---Local Access
| > Remote
| > | > Access)
| > | >
| > | > If the issue still exists, please recreate a certificate template to
| > see
| > | > if
| > | > the issue can be resolved. You can try to request a certificate via
a
| > new
| > | > template. From your screenshot we found only one of the template you
| > | > encountered permission issue, can we assume it is the certificate
| > template
| > | > you use for the certificate?
| > | >
| > | > Thanks for understanding on this issue, please feel free to post
back.
| > | >
| > | >
| > | >
| > | > Best regards,
| > | >
| > | > Charles Yang (MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > ======================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
| > issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
| > check
| > | > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although
| > we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > | > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | > ======================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | >
| > | >
| > | > =====================================================
| > | > When responding to posts, please "Reply to Group" via your
newsreader
| > so
| > | > that others may learn and benefit from your issue.
| > | > =====================================================
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | >
| > | > --------------------
| > | > | X-Tomcat-ID: 138385008
| > | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > | > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > | > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
| > | > <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
| > | > <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > | > <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
| > | > <AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
| > | > <#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
| > | > | MIME-Version: 1.0
| > | > | Content-Type: text/plain
| > | > | Content-Transfer-Encoding: 7bit
| > | > | From: v-chayan(a)online.microsoft.com ("Charles Yang [MSFT]")
| > | > | Organization: Microsoft
| > | > | Date: Fri, 23 Sep 2005 08:54:33 GMT
| > | > | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | Message-ID: <34gfuxBwFHA.2960(a)TK2MSFTNGXA01.phx.gbl>
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | Lines: 797
| > | > | Path: TK2MSFTNGXA01.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.server.sbs:155820
| > | > | NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
| > | > |
| > | > | HI PG,
| > | > |
| > | > | Currently, I am performing research on this issue, I will return
to
| > you
| > | > as
| > | > | soon as possible, please understand that it might be some delay
due
| > to
| > | > the
| > | > | weekend.
| > | > |
| > | > | Thanks for your understanding.
| > | > |
| > | > |
| > | > | Best regards,
| > | > |
| > | > | Charles Yang (MSFT)
| > | > |
| > | > | Microsoft CSS Online Newsgroup Support
| > | > |
| > | > | Get Secure! - www.microsoft.com/security
| > | > |
| > | > | ======================================================
| > | > | This newsgroup only focuses on SBS technical issues. If you have
| > issues
| > | > | regarding other Microsoft products, you'd better post in the
| > | > corresponding
| > | > | newsgroups so that they can be resolved in an efficient and timely
| > | > manner.
| > | > | You can locate the newsgroup here:
| > | > | http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > |
| > | > | When opening a new thread via the web interface, we recommend you
| > check
| > | > the
| > | > | "Notify me of replies" box to receive e-mail notifications when
| > there
| > | > are
| > | > | any updates in your thread. When responding to posts via your
| > | > newsreader,
| > | > | please "Reply to Group" so that others may learn and benefit from
| > your
| > | > | issue.
| > | > |
| > | > | Microsoft engineers can only focus on one issue per thread.
Although
| > we
| > | > | provide other information for your reference, we recommend you
post
| > | > | different incidents in different threads to keep the thread
clean.
| > In
| > | > doing
| > | > | so, it will ensure your issues are resolved in a timely manner.
| > | > |
| > | > | For urgent issues, you may want to contact Microsoft CSS directly.
| > | > Please
| > | > | check http://support.microsoft.com for regional support phone
| > numbers.
| > | > |
| > | > | Any input or comments in this thread are highly appreciated.
| > | > | ======================================================
| > | > | This posting is provided "AS IS" with no warranties, and confers
no
| > | > rights.
| > | > |
| > | > |
| > | > | =====================================================
| > | > | When responding to posts, please "Reply to Group" via your
| > newsreader
| > so
| > | > | that others may learn and benefit from your issue.
| > | > | =====================================================
| > | > |
| > | > | This posting is provided "AS IS" with no warranties, and confers
no
| > | > rights.
| > | > |
| > | > | --------------------
| > | > | | From: "PG" <*@*.*>
| > | > | | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > | <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > | > | <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > | > | <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
| > | > | <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
| > | > | <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > | > | <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
| > | > | <AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
| > | > | | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| > | > | | Date: Thu, 22 Sep 2005 11:32:11 +0100
| > | > | | Lines: 785
| > | > | | X-Priority: 3
| > | > | | X-MSMail-Priority: Normal
| > | > | | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | > | | X-RFC2646: Format=Flowed; Original
| > | > | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | > | | Message-ID: <#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
| > | > | | Newsgroups: microsoft.public.windows.server.sbs
| > | > | | NNTP-Posting-Host: 62.48.233.71
| > | > | | Path:
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
| > | > | | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.server.sbs:155518
| > | > | | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | |
| > | > | | Hi Charles,
| > | > | |
| > | > | | 1. I sent all the logs you requested to your e-mail.
| > | > | |
| > | > | | 2. Done that also.
| > | > | |
| > | > | | 3. No changes done...that I can remember
| > | > | |
| > | > | | Thanks
| > | > | |
| > | > | | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com> wrote in
| > | > message
| > | > | | news:AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl...
| > | > | | > Hi PG,
| > | > | | >
| > | > | | > After checking your screen shot, we decide to collect more
| > | > information,
| > | > | as
| > | > | | > this issue should relate to AD setting:
| > | > | | >
| > | > | | > 1. Please send me all the event log except the application and
| > | > system
| > | > | | > event
| > | > | | > log that you have already sent to me.
| > | > | | > 2. please also run netdiag -v and dcdiag -v on the SBS server
| > and
| > | > send
| > | > | the
| > | > | | > results to me also.
| > | > | | > 3. If possible, could you tell us if have changed any setting
on
| > AD
| > | > or
| > | > | on
| > | > | | > SBS server. As the screen shot point that you have some
problem
| > in
| > | > query
| > | > | | > user objects on DC.
| > | > | | >
| > | > | | > I appreciate your effort on this issue.
| > | > | | >
| > | > | | >
| > | > | | >
| > | > | | > Best regards,
| > | > | | >
| > | > | | > Charles Yang (MSFT)
| > | > | | >
| > | > | | > Microsoft CSS Online Newsgroup Support
| > | > | | >
| > | > | | > Get Secure! - www.microsoft.com/security
| > | > | | >
| > | > | | > ======================================================
| > | > | | > This newsgroup only focuses on SBS technical issues. If you
have
| > | > issues
| > | > | | > regarding other Microsoft products, you'd better post in the
| > | > | corresponding
| > | > | | > newsgroups so that they can be resolved in an efficient and
| > timely
| > | > | manner.
| > | > | | > You can locate the newsgroup here:
| > | > | | >
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | | >
| > | > | | > When opening a new thread via the web interface, we recommend
| > you
| > | > check
| > | > | | > the
| > | > | | > "Notify me of replies" box to receive e-mail notifications
when
| > | > there
| > | > | are
| > | > | | > any updates in your thread. When responding to posts via your
| > | > | newsreader,
| > | > | | > please "Reply to Group" so that others may learn and benefit
| > from
| > | > your
| > | > | | > issue.
| > | > | | >
| > | > | | > Microsoft engineers can only focus on one issue per thread.
| > Although
| > | > we
| > | > | | > provide other information for your reference, we recommend you
| > post
| > | > | | > different incidents in different threads to keep the thread
| > clean.
| > | > In
| > | > | | > doing
| > | > | | > so, it will ensure your issues are resolved in a timely
manner.
| > | > | | >
| > | > | | > For urgent issues, you may want to contact Microsoft CSS
| > directly.
| > | > | Please
| > | > | | > check http://support.microsoft.com for regional support phone
| > | > numbers.
| > | > | | >
| > | > | | > Any input or comments in this thread are highly appreciated.
| > | > | | > ======================================================
| > | > | | > This posting is provided "AS IS" with no warranties, and
confers
| > no
| > | > | | > rights.
| > | > | | >
| > | > | | >
| > | > | | > =====================================================
| > | > | | > When responding to posts, please "Reply to Group" via your
| > | > newsreader
| > | > so
| > | > | | > that others may learn and benefit from your issue.
| > | > | | > =====================================================
| > | > | | >
| > | > | | > This posting is provided "AS IS" with no warranties, and
confers
| > no
| > | > | | > rights.
| > | > | | >
| > | > | | > --------------------
| > | > | | > | From: "PG" <*@*.*>
| > | > | | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > | | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > | > | | > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > | > | | > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
| > | > | | > <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
| > | > | | > <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > | > | | > | Subject: Re: SBS2003Premium Certification Authority from
| > HELL!!!
| > | > | | > | Date: Thu, 22 Sep 2005 09:31:33 +0100
| > | > | | > | Lines: 597
| > | > | | > | X-Priority: 3
| > | > | | > | X-MSMail-Priority: Normal
| > | > | | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | > | | > | X-RFC2646: Format=Flowed; Original
| > | > | | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | > | | > | Message-ID: <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
| > | > | | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | | > | NNTP-Posting-Host: 62.48.233.71
| > | > | | > | Path:
| > | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| > | > | | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > microsoft.public.windows.server.sbs:155493
| > | > | | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | | > |
| > | > | | > | Hi Charles,
| > | > | | > |
| > | > | | > | I started to go through the points you reffered bellow
and
| > on
| > | > the
| > | > | | > second
| > | > | | > | point(Permissions settings) everything checked out ok except
| > for
| > | > the
| > | > | | > | certificates templates permissions again, I'm unable to
change
| > | > | | > permissions
| > | > | | > | on some certificates, but others are ok! I'm sending you
some
| > | > | compressed
| > | > | | > | pictures to your e-mail so you can try and see if this is
| > normal,
| > | > or
| > | > | | > not.
| > | > | | > | I didn't want to continue following your suggestions(to
| > | > reinstall
| > | > | | > the
| > | > | | > | CA) before you had a look at the pictures I sent you.
| > | > | | > |
| > | > | | > | Thanks
| > | > | | > | PG
| > | > | | > |
| > | > | | > | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com>
wrote
| > in
| > | > | message
| > | > | | > | news:MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl...
| > | > | | > | > Hi,
| > | > | | > | >
| > | > | | > | > Thanks for updates.
| > | > | | > | >
| > | > | | > | > After carefully checking your log, we did not find any
| > relate
| > | > | | > information,
| > | > | | > | > please note that it might take some time to do the task.
| > | > | | > | >
| > | > | | > | > For this issue, I have some suggestion below:
| > | > | | > | >
| > | > | | > | > Can I assume that you want to set up the SBS 2003 premium
as
| > a
| > | > CA
| > | > | | > server,
| > | > | | > | > so that when user logon to website, they require the
| > | > certificate,
| > | > | | > which
| > | > | | > | > purpose you want to use for this certificate for VPN
issue
| > or
| > | > for
| > | > a
| > | > | | > | > website? From your log, it seems to be used for IPSec VPN.
| > | > | | > | >
| > | > | | > | > 1. Please change the website you use for web enrollment's
| > | > | | > authentication
| > | > | | > | > method from anonymous to Windows Authentication.
| > | > | | > | > 2. Please refer to the KB article below to check the
| > permission
| > | > | | > setting
| > | > | | > | > for
| > | > | | > | > CA, make sure that you have go through the article to
double
| > | > check
| > | > | it:
| > | > | | > | >
| > | > | | > | > Q239706 Default Permission Settings for Enterprise
| > Certificate
| > | > | | > Authority
| > | > | | > | > http://support.microsoft.com/default.aspx?scid=kb;EN-US
| > | > | | > | >
| > | > | | > | > 3. If the issue still exists, please follow the steps to
| > | > reinstall
| > | > | the
| > | > | | > CA
| > | > | | > | > server:
| > | > | | > | >
| > | > | | > | > A. Opened regedit and went to HKLM\system\CCS\services
and
| > | > | deleted
| > | > | | > the
| > | > | | > | > certsrv key
| > | > | | > | > B. Opened the file system and deleted
| > c:\winnt\system32\certserv
| > | > | | > folder
| > | > | | > | > and
| > | > | | > | > contents
| > | > | | > | > C. Opened up AD sites and services and deleted and in
| > | > | services\public
| > | > | | > key
| > | > | | > | > services
| > | > | | > | >
| > | > | | > | > Please deleted all the contents of the containers leaving
| > the
| > | > empty
| > | > | | > | > containers with the exception of the templates container.
| > Note,
| > | > | please
| > | > | | > | > perform a backup for registry.
| > | > | | > | >
| > | > | | > | > If the issue still exist, you have to refer to the KB
| > article
| > | > below
| > | > | to
| > | > | | > | > change the log level of certificate then reproduce the
issue
| > | > check
| > | > | the
| > | > | | > | > event log again.
| > | > | | > | >
| > | > | | > | > 305018 How to Change the Event Logging Level for
Certificate
| > | > | Services
| > | > | | > | > http://support.microsoft.com/?id=305018
| > | > | | > | >
| > | > | | > | > Thanks for your efforts. I will be here waiting for
updates.
| > | > | | > | >
| > | > | | > | >
| > | > | | > | >
| > | > | | > | > Best regards,
| > | > | | > | >
| > | > | | > | > Charles Yang (MSFT)
| > | > | | > | >
| > | > | | > | > Microsoft CSS Online Newsgroup Support
| > | > | | > | >
| > | > | | > | > Get Secure! - www.microsoft.com/security
| > | > | | > | >
| > | > | | > | > ======================================================
| > | > | | > | > This newsgroup only focuses on SBS technical issues. If
you
| > have
| > | > | | > issues
| > | > | | > | > regarding other Microsoft products, you'd better post in
the
| > | > | | > corresponding
| > | > | | > | > newsgroups so that they can be resolved in an efficient
and
| > | > timely
| > | > | | > manner.
| > | > | | > | > You can locate the newsgroup here:
| > | > | | > | >
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | | > | >
| > | > | | > | > When opening a new thread via the web interface, we
| > recommend
| > | > you
| > | > | | > check
| > | > | | > | > the
| > | > | | > | > "Notify me of replies" box to receive e-mail notifications
| > when
| > | > | there
| > | > | | > are
| > | > | | > | > any updates in your thread. When responding to posts via
| > your
| > | > | | > newsreader,
| > | > | | > | > please "Reply to Group" so that others may learn and
benefit
| > | > from
| > | > | your
| > | > | | > | > issue.
| > | > | | > | >
| > | > | | > | > Microsoft engineers can only focus on one issue per
thread.
| > | > | Although
| > | > | | > we
| > | > | | > | > provide other information for your reference, we
recommend
| > you
| > | > post
| > | > | | > | > different incidents in different threads to keep the
thread
| > | > clean.
| > | > | In
| > | > | | > | > doing
| > | > | | > | > so, it will ensure your issues are resolved in a timely
| > manner.
| > | > | | > | >
| > | > | | > | > For urgent issues, you may want to contact Microsoft CSS
| > | > directly.
| > | > | | > Please
| > | > | | > | > check http://support.microsoft.com for regional support
| > phone
| > | > | numbers.
| > | > | | > | >
| > | > | | > | > Any input or comments in this thread are highly
appreciated.
| > | > | | > | > ======================================================
| > | > | | > | > This posting is provided "AS IS" with no warranties, and
| > confers
| > | > no
| > | > | | > | > rights.
| > | > | | > | >
| > | > | | > | >
| > | > | | > | > =====================================================
| > | > | | > | > When responding to posts, please "Reply to Group" via your
| > | > | newsreader
| > | > | | > so
| > | > | | > | > that others may learn and benefit from your issue.
| > | > | | > | > =====================================================
| > | > | | > | >
| > | > | | > | > This posting is provided "AS IS" with no warranties, and
| > confers
| > | > no
| > | > | | > | > rights.
| > | > | | > | >
| > | > | | > | > --------------------
| > | > | | > | > | From: "PG" <*@*.*>
| > | > | | > | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > | | > | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > | > | | > | > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > | > | | > | > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
| > | > | | > | > | Subject: Re: SBS2003Premium Certification Authority from
| > | > HELL!!!
| > | > | | > | > | Date: Wed, 21 Sep 2005 11:33:30 +0100
| > | > | | > | > | Lines: 401
| > | > | | > | > | X-Priority: 3
| > | > | | > | > | X-MSMail-Priority: Normal
| > | > | | > | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | > | | > | > | X-RFC2646: Format=Flowed; Original
| > | > | | > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | > | | > | > | Message-ID: <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
| > | > | | > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | | > | > | NNTP-Posting-Host: 62.48.233.71
| > | > | | > | > | Path:
| > | > | | >
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
| > | > | | > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > | | > microsoft.public.windows.server.sbs:155186
| > | > | | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | | > | > |
| > | > | | > | > | I've sent you the log's as you requested Charles...
| > | > | | > | > |
| > | > | | > | > | Thanks for the help
| > | > | | > | > |
| > | > | | > | > | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com>
| > wrote
| > | > in
| > | > | | > message
| > | > | | > | > | news:biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl...
| > | > | | > | > | > HI PG,
| > | > | | > | > | >
| > | > | | > | > | > Thanks for updates.
| > | > | | > | > | >
| > | > | | > | > | > In order to make the issue more clear, could you send
me
| > the
| > | > | | > | > application
| > | > | | > | > | > log and system event log so that we can isolate the
| > issue
| > | > more
| > | > | | > | > clearly,
| > | > | | > | > | > you
| > | > | | > | > | > can compress the log files and send to my mailbox.
| > | > | | > | > | >
| > | > | | > | > | > v-chayan(a)microsoft.com
| > | > | | > | > | >
| > | > | | > | > | > Thanks for your understanding.
| > | > | | > | > | >
| > | > | | > | > | >
| > | > | | > | > | >
| > | > | | > | > | > Best regards,
| > | > | | > | > | >
| > | > | | > | > | > Charles Yang (MSFT)
| > | > | | > | > | >
| > | > | | > | > | > Microsoft CSS Online Newsgroup Support
| > | > | | > | > | >
| > | > | | > | > | > Get Secure! - www.microsoft.com/security
| > | > | | > | > | >
| > | > | | > | > | > ======================================================
| > | > | | > | > | > This newsgroup only focuses on SBS technical issues.
If
| > you
| > | > have
| > | > | | > | > issues
| > | > | | > | > | > regarding other Microsoft products, you'd better post
in
| > the
| > | > | | > | > corresponding
| > | > | | > | > | > newsgroups so that they can be resolved in an
efficient
| > and
| > | > | timely
| > | > | | > | > manner.
| > | > | | > | > | > You can locate the newsgroup here:
| > | > | | > | > | >
| > | > | http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | | > | > | >
| > | > | | > | > | > When opening a new thread via the web interface, we
| > | > recommend
| > | > | you
| > | > | | > | > check
| > | > | | > | > | > the
| > | > | | > | > | > "Notify me of replies" box to receive e-mail
| > notifications
| > | > when
| > | > | | > there
| > | > | | > | > are
| > | > | | > | > | > any updates in your thread. When responding to posts
via
| > | > your
| > | > | | > | > newsreader,
| > | > | | > | > | > please "Reply to Group" so that others may learn and
| > benefit
| > | > | from
| > | > | | > your
| > | > | | > | > | > issue.
| > | > | | > | > | >
| > | > | | > | > | > Microsoft engineers can only focus on one issue per
| > thread.
| > | > | | > Although
| > | > | | > | > we
| > | > | | > | > | > provide other information for your reference, we
| > recommend
| > | > you
| > | > | | > post
| > | > | | > | > | > different incidents in different threads to keep the
| > thread
| > | > | clean.
| > | > | | > In
| > | > | | > | > | > doing
| > | > | | > | > | > so, it will ensure your issues are resolved in a
timely
| > | > manner.
| > | > | | > | > | >
| > | > | | > | > | > For urgent issues, you may want to contact Microsoft
CSS
| > | > | directly.
| > | > | | > | > Please
| > | > | | > | > | > check http://support.microsoft.com for regional
support
| > | > phone
| > | > | | > numbers.
| > | > | | > | > | >
| > | > | | > | > | > Any input or comments in this thread are highly
| > appreciated.
| > | > | | > | > | > ======================================================
| > | > | | > | > | > This posting is provided "AS IS" with no warranties,
and
| > | > | confers
| > | > | | > no
| > | > | | > | > | > rights.
| > | > | | > | > | >
| > | > | | > | > | >
| > | > | | > | > | > =====================================================
| > | > | | > | > | > When responding to posts, please "Reply to Group" via
| > your
| > | > | | > newsreader
| > | > | | > | > so
| > | > | | > | > | > that others may learn and benefit from your issue.
| > | > | | > | > | > =====================================================
| > | > | | > | > | >
| > | > | | > | > | > This posting is provided "AS IS" with no warranties,
and
| > | > | confers
| > | > | | > no
| > | > | | > | > | > rights.
| > | > | | > | > | >
| > | > | | > | > | > --------------------
| > | > | | > | > | > | From: "PG" <*@*.*>
| > | > | | > | > | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > | | > | > | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > | > | | > | > | > | Subject: Re: SBS2003Premium Certification Authority
| > from
| > | > | HELL!!!
| > | > | | > | > | > | Date: Tue, 20 Sep 2005 13:28:25 +0100
| > | > | | > | > | > | Lines: 269
| > | > | | > | > | > | X-Priority: 3
| > | > | | > | > | > | X-MSMail-Priority: Normal
| > | > | | > | > | > | X-Newsreader: Microsoft Outlook Express
6.00.3790.1830
| > | > | | > | > | > | X-RFC2646: Format=Flowed; Original
| > | > | | > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE
| > V6.00.3790.1830
| > | > | | > | > | > | Message-ID: <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > | > | | > | > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | | > | > | > | NNTP-Posting-Host: 62.48.233.71
| > | > | | > | > | > | Path:
| > | > | | > | >
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| > | > | | > | > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > | | > | > microsoft.public.windows.server.sbs:154800
| > | > | | > | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | | > | > | > |
| > | > | | > | > | > | Thanks for your reply Charles
| > | > | | > | > | > |
| > | > | | > | > | > | Responses to your questions follow, and are in line:
| > | > | | > | > | > |
| > | > | | > | > | > |
| > | > | | > | > | > | ""Charles Yang [MSFT]""
| > <v-chayan(a)online.microsoft.com>
| > | > wrote
| > | > | in
| > | > | | > | > message
| > | > | | > | > | > | news:tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl...
| > | > | | > | > | > | > HI PG,
| > | > | | > | > | > | >
| > | > | | > | > | > | > Welcome to SBS newsgroup.
| > | > | | > | > | > | >
| > | > | | > | > | > | > Issue description:
| > | > | | > | > | > | > ================
| > | > | | > | > | > | >
| > | > | | > | > | > | > I understand that you encountered some problem
when
| > | > using
| > | > | CA
| > | > | | > on
| > | > | | > | > SBS
| > | > | | > | > | > 2003
| > | > | | > | > | > | > premium.
| > | > | | > | > | > | >
| > | > | | > | > | > | > Analyzing and suggestions:
| > | > | | > | > | > | > ================
| > | > | | > | > | > | >
| > | > | | > | > | > | > Generally speaking, the error you encountered can
be
| > | > caused
| > | > | by
| > | > | | > | > many
| > | > | | > | > | > | > factors, in order to make the issue more clear,
| > please
| > | > | refer
| > | > | | > to
| > | > | | > my
| > | > | | > | > | > | > suggestions below to gather more information:
| > | > | | > | > | > | >
| > | > | | > | > | > | > 1. If possible, please send me the event log for
| > further
| > | > | | > research,
| > | > | | > | > it
| > | > | | > | > | > | > should include more information which can help us
| > | > determine
| > | > | | > which
| > | > | | > | > | > kinds
| > | > | | > | > | > of
| > | > | | > | > | > | > error you encountered, you can send the log files
to
| > my
| > | > | email
| > | > | | > box.
| > | > | | > | > | > | > v-chayan(a)microsoft.com.
| > | > | | > | > | > |
| > | > | | > | > | > | There is nothing recorded in the logs, when the
| > error's
| > | > occur.
| > | > | | > | > | > |
| > | > | | > | > | > | > 2. Does the issue occur from the client's
computer
| > or
| > | > from
| > | > | the
| > | > | | > | > server
| > | > | | > | > | > | > side?
| > | > | | > | > | > |
| > | > | | > | > | > | Both! It occur's when I request a certificate from
the
| > | > client
| > | > | | > and
| > | > | | > | > from
| > | > | | > | > | > the
| > | > | | > | > | > | server! :( Via Web request or MMC snap-in
| > | > | | > | > | > |
| > | > | | > | > | > |
| > | > | | > | > | > | >
| > | > | | > | > | > | >
| > | > | | > | > | > | > Let's first check the following:
| > | > | | > | > | > | >
| > | > | | > | > | > | > 1. Go to the CA Server, go to Services.msc
console,
| > make
| > | > | sure
| > | > | | > that
| > | > | | > | > the
| > | > | | > | > | > | > Certificate Service is started.
| > | > | | > | > | > |
| > | > | | > | > | > | Check
| > | > | | > | > | > |
| > | > | | > | > | > | > 2. Open Certificate Authority, make sure that it
can
| > be
| > | > | | > opened.
| > | > | | > | > | > |
| > | > | | > | > | > | Check
| > | > | | > | > | > |
| > | > | | > | > | > | > 3. If you are using Enterprise CA, go to the
| > Certificate
| > | > | | > Template
| > | > | | > | > in
| > | > | | > | > | > the
| > | > | | > | > | > | > Certificate Authority, make sure that necessary
| > | > Certificate
| > | > | | > | > Template
| > | > | | > | > | > is
| > | > | | > | > | > | > added and listed in the right panel.
| > | > | | > | > | > |
| > | > | | > | > | > | Check
| > | > | | > | > | > |
| > | > | | > | > | > | > 4. On the CA Server, click Start -> Run, type MMC
| > and
| > | > click
| > | > | | > OK.
| > | > | | > | > Click
| > | > | | > | > | > File
| > | > | | > | > | > | > -> Add/Remove Snap-in, click Add button, select
| > | > Certificate,
| > | > | | > click
| > | > | | > | > | > Add,
| > | > | | > | > | > | > select Computer Account and click next. Select
Local
| > | > | Computer,
| > | > | | > | > click
| > | > | | > | > | > | > Finish
| > | > | | > | > | > | > and then Close.
| > | > | | > | > | > |
| > | > | | > | > | > | Check
| > | > | | > | > | > |
| > | > | | > | > | > | > 5. Expand the Certificate (Local
| > | > | | > Computer)\Personal\Certificate,
| > | > | | > | > check
| > | > | | > | > | > if
| > | > | | > | > | > | > the Root certificate exists. It's 'issued by' and
| > | > 'issued
| > | > | to'
| > | > | | > | > should
| > | > | | > | > | > be
| > | > | | > | > | > | > itself. Then please check if the root certificate
is
| > | > still
| > | > | | > alive.
| > | > | | > | > If
| > | > | | > | > | > it
| > | > | | > | > | > is
| > | > | | > | > | > | > expired, right click the Certificate, select All
| > | > Tasks ->
| > | > | | > Renew
| > | > | | > | > | > | > Certificate
| > | > | | > | > | > | > with Same Key. Then renew the user certificate and
| > let
| > | > me
| > | > | know
| > | > | | > how
| > | > | | > | > | > | > everything is going.
| > | > | | > | > | > | > NOTE: Please check the Certificate Authority to
make
| > | > sure
| > | > | that
| > | > | | > | > these
| > | > | | > | > | > | > client
| > | > | | > | > | > | > certificate are not revoked before you renew the
| > | > | certificate.
| > | > | | > | > | > | >
| > | > | | > | > | > | > If the issue still exists, please check if the CA
| > | > computer
| > | > | | > where
| > | > | | > | > you
| > | > | | > | > | > start
| > | > | | > | > | > | > the Certificate Web Enrollment from is set to
trust
| > for
| > | > | | > | > delegation.
| > | > | | > | > To
| > | > | | > | > | > do
| > | > | | > | > | > | > so:
| > | > | | > | > | > | > 1. Log on as a domain administrator or equivalent
| > | > account.
| > | > | | > | > | > | > 2. Click Start, point to Programs, point to
| > | > Administrative
| > | > | | > Tools,
| > | > | | > | > and
| > | > | | > | > | > then
| > | > | | > | > | > | > click "Active Directory Users and Computers".
| > | > | | > | > | > | > 3. In the left pane, locate the container or
| > | > organizational
| > | > | | > unit
| > | > | | > | > (OU)
| > | > | | > | > | > on
| > | > | | > | > | > | > which you want to enable delegation.
| > | > | | > | > | > | > 4. Right-click the computer account name, and then
| > click
| > | > | | > | > Properties.
| > | > | | > | > | > | > 5. On the General tab, click Trust computer for
| > | > delegation.
| > | > | | > | > | > | > 6. Click OK.
| > | > | | > | > | > | > 7. Quit Active Directory Users and Computers.
| > | > | | > | > | > | >
| > | > | | > | > | > | > For more info, please refer to:
| > | > | | > | > | > | > 300867 Error Message: The Certification Authority
| > | > Service
| > | > | Has
| > | > | | > Not
| > | > | | > | > Been
| > | > | | > | > | > | > Started
| > | > | | > | > | > | > http://support.microsoft.com/?id=300867
| > | > | | > | > | > |
| > | > | | > | > | > | The certificate is alive until 16/9/2010! So I
didn't
| > | > renew
| > | > | it.
| > | > | | > | > | > |
| > | > | | > | > | > |
| > | > | | > | > | > | >
| > | > | | > | > | > | >
| > | > | | > | > | > | > This issue may also occur if the Domain Users
group
| > on
| > | > the
| > | > | | > child
| > | > | | > | > | > domain
| > | > | | > | > | > | > does not have the right to enroll a user
template.
| > To
| > | > have a
| > | > | | > | > check:
| > | > | | > | > | > | >
| > | > | | > | > | > | > 1. Logon to CA Server as Enterprise Administrator
| > | > | | > | > | > |
| > | > | | > | > | > | check
| > | > | | > | > | > |
| > | > | | > | > | > | > 2. Click Start, click Programs, click
Administrative
| > | > Tools,
| > | > | | > and
| > | > | | > | > then
| > | > | | > | > | > click
| > | > | | > | > | > | > the "Active Directory Sites and Services" snap-in.
| > | > | | > | > | > |
| > | > | | > | > | > | check
| > | > | | > | > | > |
| > | > | | > | > | > | > 3. In MMC, right-click the "Active Directory
Sites
| > and
| > | > | | > Services"
| > | > | | > | > | > snap-in,
| > | > | | > | > | > | > click View, and then click "Show Services Mode".
| > This
| > | > allows
| > | > | | > you
| > | > | | > | > to
| > | > | | > | > | > view
| > | > | | > | > | > | > the Services folder, which is hidden from view by
| > | > default.
| > | > | | > | > | > |
| > | > | | > | > | > | Check
| > | > | | > | > | > |
| > | > | | > | > | > | > 4. From the "Active Directory Sites and Services"
| > | > snap-in,
| > | > | | > click
| > | > | | > | > | > Services,
| > | > | | > | > | > | > click Public Key Services, and then click
| > Certificate
| > | > | | > Templates.
| > | > | | > | > This
| > | > | | > | > | > | > reveals the complete list of published certificate
| > | > | templates
| > | > | | > in
| > | > | | > | > Active
| > | > | | > | > | > | > Directory.
| > | > | | > | > | > |
| > | > | | > | > | > | Check
| > | > | | > | > | > |
| > | > | | > | > | > | > 5. Double-click the User certificate template to
| > view
| > | > the
| > | > | | > | > properties.
| > | > | | > | > | > |
| > | > | | > | > | > | Check
| > | > | | > | > | > |
| > | > | | > | > | > | > 6. On the Security tab, click Add to add the
Domain
| > | > Users
| > | > | | > group
| > | > | | > to
| > | > | | > | > the
| > | > | | > | > | > | > list.
| > | > | | > | > | > |
| > | > | | > | > | > | The group domain users wasn't there so I added it
| > | > | | > | > | > |
| > | > | | > | > | > | > 7. For the Domain Users group, select the Read and
| > | > Enroll
| > | > | | > rights.
| > | > | | > | > | > |
| > | > | | > | > | > | When I tryed to apply the changes it gave the
| > following
| > | > error:
| > | > | | > | > | > |
| > | > | | > | > | > | "Unable to save permission changes on
| > | > | | > | > | > |
| > LDAP://SBS2003PDC.CONTIMETRA.LOCAL/CN=USER,CN=CERTIFICATE
| > | > | | > | > | > | TEMPLATES,CN=PUBLIC KEY
| > | > | | > | > | > |
| > | > SERVICES,CN=SERVICES,CN=CONFIGURATION,DC=CONTIMETRA,DC=LOCAL
| > | > | | > | > | > |
| > | > | | > | > | > | ACCESS IS DENIED"
| > | > | | > | > | > |
| > | > | | > | > | > |
| > | > | | > | > | > | > 8. Restart the computer.
| > | > | | > | > | > |
| > | > | | > | > | > | Didn't do it because no changes were made!
| > | > | | > | > | > |
| > | > | | > | > | > | >
| > | > | | > | > | > | > For more info, please refer to:
| > | > | | > | > | > | > 271861 Windows Cannot Find a Certificate Authority
| > That
| > | > | | > Processes
| > | > | | > | > the
| > | > | | > | > | > | > Request
| > | > | | > | > | > | > http://support.microsoft.com/?id=271861
| > | > | | > | > | > | >
| > | > | | > | > | > | > NOTE: Request from MMC only works if it is a
| > Enterprise
| > | > CA.
| > | > | To
| > | > | | > | > stand
| > | > | | > | > | > alone
| > | > | | > | > | > | > CA, you must request certificate by WEB.
| > | > | | > | > | > | >
| > | > | | > | > | > | > I appreciate your understanding and please paste
| > your
| > | > | results
| > | > | | > as
| > | > | | > | > your
| > | > | | > | > | > | > convenience, It is important for us to isolate the
| > | > issue.
| > | > I
| > | > | am
| > | > | | > | > glad
| > | > | | > | > to
| > | > | | > | > | > | > help
| > | > | | > | > | > | > you.
| > | > | | > | > | > | >
| > | > | | > | > | > | >
| > | > | | > | > | > | >
| > | > | | > | > | > | > Best regards,
| > | > | | > | > | > | >
| > | > | | > | > | > | > Charles Yang (MSFT)
| > | > | | > | > | > | >
| > | > | | > | > | > | > Microsoft CSS Online Newsgroup Support
| > | > | | > | > | > | >
| > | > | | > | > | > | > Get Secure! - www.microsoft.com/security
| > | > | | > | > | > | >
| > | > | | > | > | > | >
| > ======================================================
| > | > | | > | > | > | > This newsgroup only focuses on SBS technical
issues.
| > If
| > | > you
| > | > | | > have
| > | > | | > | > | > issues
| > | > | | > | > | > | > regarding other Microsoft products, you'd better
| > post
| > in
| > | > the
| > | > | | > | > | > corresponding
| > | > | | > | > | > | > newsgroups so that they can be resolved in an
| > efficient
| > | > and
| > | > | | > timely
| > | > | | > | > | > manner.
| > | > | | > | > | > | > You can locate the newsgroup here:
| > | > | | > | > | > | >
| > | > | | >
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | | > | > | > | >
| > | > | | > | > | > | > When opening a new thread via the web interface,
we
| > | > | recommend
| > | > | | > you
| > | > | | > | > | > check
| > | > | | > | > | > | > the
| > | > | | > | > | > | > "Notify me of replies" box to receive e-mail
| > | > notifications
| > | > | | > when
| > | > | | > | > there
| > | > | | > | > | > are
| > | > | | > | > | > | > any updates in your thread. When responding to
posts
| > via
| > | > | your
| > | > | | > | > | > newsreader,
| > | > | | > | > | > | > please "Reply to Group" so that others may learn
and
| > | > benefit
| > | > | | > from
| > | > | | > | > your
| > | > | | > | > | > | > issue.
| > | > | | > | > | > | >
| > | > | | > | > | > | > Microsoft engineers can only focus on one issue
per
| > | > thread.
| > | > | | > | > Although
| > | > | | > | > | > we
| > | > | | > | > | > | > provide other information for your reference, we
| > | > recommend
| > | > | you
| > | > | | > | > post
| > | > | | > | > | > | > different incidents in different threads to keep
the
| > | > thread
| > | > | | > clean.
| > | > | | > | > In
| > | > | | > | > | > | > doing
| > | > | | > | > | > | > so, it will ensure your issues are resolved in a
| > timely
| > | > | | > manner.
| > | > | | > | > | > | >
| > | > | | > | > | > | > For urgent issues, you may want to contact
Microsoft
| > CSS
| > | > | | > directly.
| > | > | | > | > | > Please
| > | > | | > | > | > | > check http://support.microsoft.com for regional
| > support
| > | > | phone
| > | > | | > | > numbers.
| > | > | | > | > | > | >
| > | > | | > | > | > | > Any input or comments in this thread are highly
| > | > appreciated.
| > | > | | > | > | > | >
| > ======================================================
| > | > | | > | > | > | > This posting is provided "AS IS" with no
warranties,
| > and
| > | > | | > confers
| > | > | | > | > no
| > | > | | > | > | > | > rights.
| > | > | | > | > | > | >
| > | > | | > | > | > | >
| > | > | | > | > | > | >
| > =====================================================
| > | > | | > | > | > | > When responding to posts, please "Reply to Group"
| > via
| > | > your
| > | > | | > | > newsreader
| > | > | | > | > | > so
| > | > | | > | > | > | > that others may learn and benefit from your issue.
| > | > | | > | > | > | >
| > =====================================================
| > | > | | > | > | > | >
| > | > | | > | > | > | > This posting is provided "AS IS" with no
warranties,
| > and
| > | > | | > confers
| > | > | | > | > no
| > | > | | > | > | > | > rights.
| > | > | | > | > | > | >
| > | > | | > | > | > | > --------------------
| > | > | | > | > | > | > | From: "PG" <*@*.*>
| > | > | | > | > | > | > | Subject: SBS2003Premium Certification Authority
| > from
| > | > | HELL!!!
| > | > | | > | > | > | > | Date: Fri, 16 Sep 2005 11:35:46 +0100
| > | > | | > | > | > | > | Lines: 25
| > | > | | > | > | > | > | X-Priority: 3
| > | > | | > | > | > | > | X-MSMail-Priority: Normal
| > | > | | > | > | > | > | X-Newsreader: Microsoft Outlook Express
| > 6.00.3790.1830
| > | > | | > | > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE
| > | > V6.00.3790.1830
| > | > | | > | > | > | > | X-RFC2646: Format=Flowed; Original
| > | > | | > | > | > | > | Message-ID:
| > <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > | | > | > | > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | | > | > | > | > | NNTP-Posting-Host: 62.48.233.71
| > | > | | > | > | > | > | Path:
| > | > | | > | > | >
| > | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| > | > | | > | > | > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > | | > | > | > microsoft.public.windows.server.sbs:153926
| > | > | | > | > | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | | > | > | > | > |
| > | > | | > | > | > | > | Hi everybody,
| > | > | | > | > | > | > |
| > | > | | > | > | > | > | When I try to request a certificate from my
| > | > | Enterprise
| > | > | | > CA
| > | > | | > | > | > installed
| > | > | | > | > | > | > on
| > | > | | > | > | > | > | SBS2003Premium It gives the following error :"No
| > | > | certificate
| > | > | | > | > | > templates
| > | > | | > | > | > | > could
| > | > | | > | > | > | > | be found. You do not have permission to request
a
| > | > | | > certificate
| > | > | | > | > from
| > | > | | > | > | > this
| > | > | | > | > | > | > CA,
| > | > | | > | > | > | > | or an error occurred while accessing the Active
| > | > | Directory."
| > | > | | > I
| > | > | | > | > went
| > | > | | > | > | > and
| > | > | | > | > | > | > | search for a solution and found this microsoft
| > article
| > | > | | > | > | > | > |
| > | > | | > http://support.microsoft.com/default.aspx?scid=kb;en-us;811418
| > | > | | > | > that
| > | > | | > | > | > | > didn't
| > | > | | > | > | > | > | help because the name of the server is the same
in
| > the
| > | > | | > | > certdat.inc
| > | > | | > | > | > and
| > | > | | > | > | > | > in
| > | > | | > | > | > | > | the AD!!! :(
| > | > | | > | > | > | > |
| > | > | | > | > | > | > | When I go to the certification authority and
| > click
| > | > on
| > | > | | > | > "manage"
| > | > | | > | > | > on
| > | > | | > | > | > | > the
| > | > | | > | > | > | > | certificate templates, windows says that it
| > detected
| > | > that
| > | > | | > new
| > | > | | > | > | > | > certificate
| > | > | | > | > | > | > | templates should be installed, and ask if I
want
| > to
| > | > | install
| > | > | | > them
| > | > | | > | > | > now,
| > | > | | > | > | > | > and
| > | > | | > | > | > | > I
| > | > | | > | > | > | > | say "Yes", and gives an error saying "Windows
| > could
| > | > not
| > | > | | > install
| > | > | | > | > the
| > | > | | > | > | > new
| > | > | | > | > | > | > | certificate templates. Access is denied" :( I
| > doing
| > | > this
| > | > | as
| > | > | | > | > | > enterprise
| > | > | | > | > | > | > admin
| > | > | | > | > | > | > | and it says access denied!!!!! :( :(
| > | > | | > | > | > | > |
| > | > | | > | > | > | > | I've tryed to reinstall the CA and the
errors
| > are
| > | > | still
| > | > | | > the
| > | > | | > | > | > same!
| > | > | | > | > | > | > |
| > | > | | > | > | > | > | Can anyone help me with this issue, please?
| > | > | | > | > | > | > |
| > | > | | > | > | > | > | Thanks in advance for any help you can give
| > me....
| > | > | | > | > | > | > |
| > | > | | > | > | > | > |
| > | > | | > | > | > | > |
| > | > | | > | > | > | >
| > | > | | > | > | > |
| > | > | | > | > | > |
| > | > | | > | > | > |
| > | > | | > | > | > |
| > | > | | > | > | > |
| > | > | | > | > | > |
| > | > | | > | > | >
| > | > | | > | > |
| > | > | | > | > |
| > | > | | > | > |
| > | > | | > | >
| > | > | | > |
| > | > | | > |
| > | > | | > |
| > | > | | >
| > | > | |
| > | > | |
| > | > | |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|

From: PG on
Hi Charles,

Just wanted to say that I finally fixed the problem thanks to your help.
I reinstalled the CA with the indications you gave bellow:

"3. If the issue still exists, please follow the steps to reinstall the CA
server:

A. Opened regedit and went to HKLM\system\CCS\services and deleted the
certsrv key
B. Opened the file system and deleted c:\winnt\system32\certserv folder and
contents
C. Opened up AD sites and services and deleted and in services\public key
services

Please deleted all the contents of the containers leaving the empty
containers with the exception of the templates container. Note, please
perform a backup for registry."

And all the templates have the correct permissions now, the error messages
no longer show, and I can now request certificates from this CA without any
problem.

Thanks for all your help...





""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com> wrote in message
news:hNvuk0zwFHA.580(a)TK2MSFTNGXA01.phx.gbl...
> HI PG,
>
> It should be a so wired issue, if the issue is urgent it is your best
> interest to call CSS for supporter. I have also made research on this
> issue
> and also get some steps which might be helpful to you:
>
> 1. Make the certutil command that is part of Windows Server 2003 server
> available to your client computer.
> 2. Make sure that you are able to reach an enterprise CA. Calling certutil
> -dump shows all Enterprise CAs in your forest. You can also try to ping a
> specific CA with certutil -config [Machine\CAName] -ping
> Replace [Machine\CAName] with the "Config:" row from the certutil -dump
> output.
> 3. To verify template permissions, run the following command at your
> client: certutil -config [Machine\CAName] -catemplates
> The command-output shows a list of certificate templates that are attached
> to a specific CA. Make sure that you have at least for one certificate
> permissions.
> 4. Make sure that at least one of the certificate templates where you have
> enrollment permissions has set the option "Supply in the request" in the
> certificates template Subject Name tab. If you have permissions on a
> certificate but the Subject name is not built from Active Directory, your
> certificate request will fail.
> 5. Your client might not be able to verify the CA certificates validity.
> To
> check the CA certificate you must make the CA certificate available to
> your
> client computer. Perform the following command at your client:
> certutil -verify -URLfetch [CAcertificate]
>
> Replace CAcertificate with the filename of the CA certificate. Make sure
> that the CA certificate is verified successfully.
>
> Then try to repeat your steps to see if the issue can be clear, in
> addition
> please also make sure that your Enterprise AD did not belong to domain
> guest member group.
>
> Hope the above information helpful. I am sorry for any inconvenience on
> this issue.
>
>
>
> Best regards,
>
> Charles Yang (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
> | From: "PG" <*@*.*>
> | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
> <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
> <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
> <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
> <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
> <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
> <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
> <AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
> <#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
> <34gfuxBwFHA.2960(a)TK2MSFTNGXA01.phx.gbl>
> <Hlv7FVCwFHA.580(a)TK2MSFTNGXA01.phx.gbl>
> <Oi6nhtCwFHA.552(a)TK2MSFTNGP12.phx.gbl>
> <hCBwZJjwFHA.3244(a)TK2MSFTNGXA01.phx.gbl>
> | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
> | Date: Tue, 27 Sep 2005 08:52:36 +0100
> | Lines: 1415
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
> | X-RFC2646: Format=Flowed; Original
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
> | Message-ID: <uTRYvizwFHA.2076(a)TK2MSFTNGP14.phx.gbl>
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: 62.48.233.71
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:156751
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Hi Charles,
> |
> | Yes all the grey templates have permission issues. I cant add, or change
> the
> | permissions for those templates.
> |
> | And all my efforts where made has enterprise admin, to try and clear the
> | "access denied" problem... :(
> |
> | I really don't understand what went wrong with this Certification
> Authority.
> |
> | :(
> |
> | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com> wrote in message
> | news:hCBwZJjwFHA.3244(a)TK2MSFTNGXA01.phx.gbl...
> | > HI PG,
> | >
> | > From your description, it seems a lot of template has the permission
> | > issue?
> | > Can I assume that all the permission of this grey template encountered
> the
> | > same issue when you try to change the permission and the permission
> the
> | > security section is not correct as I referred to?
> | >
> | > If so, I suggest you make sure that you logon the SBS server with
> | > Enterprise Admin, it seems to be the permission issue, if possible
> please
> | > make sure that you logon via Built-in Enterprise Admin to see if the
> | > problem can be cleared,
> | >
> | > Thanks for your effort.
> | >
> | >
> | >
> | > Best regards,
> | >
> | > Charles Yang (MSFT)
> | >
> | > Microsoft CSS Online Newsgroup Support
> | >
> | > Get Secure! - www.microsoft.com/security
> | >
> | > ======================================================
> | > This newsgroup only focuses on SBS technical issues. If you have
> issues
> | > regarding other Microsoft products, you'd better post in the
> corresponding
> | > newsgroups so that they can be resolved in an efficient and timely
> manner.
> | > You can locate the newsgroup here:
> | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | >
> | > When opening a new thread via the web interface, we recommend you
> check
> | > the
> | > "Notify me of replies" box to receive e-mail notifications when there
> are
> | > any updates in your thread. When responding to posts via your
> newsreader,
> | > please "Reply to Group" so that others may learn and benefit from your
> | > issue.
> | >
> | > Microsoft engineers can only focus on one issue per thread. Although
> we
> | > provide other information for your reference, we recommend you post
> | > different incidents in different threads to keep the thread clean. In
> | > doing
> | > so, it will ensure your issues are resolved in a timely manner.
> | >
> | > For urgent issues, you may want to contact Microsoft CSS directly.
> Please
> | > check http://support.microsoft.com for regional support phone numbers.
> | >
> | > Any input or comments in this thread are highly appreciated.
> | > ======================================================
> | > This posting is provided "AS IS" with no warranties, and confers no
> | > rights.
> | >
> | >
> | > =====================================================
> | > When responding to posts, please "Reply to Group" via your newsreader
> so
> | > that others may learn and benefit from your issue.
> | > =====================================================
> | >
> | > This posting is provided "AS IS" with no warranties, and confers no
> | > rights.
> | >
> | > --------------------
> | > | From: "PG" <*@*.*>
> | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
> | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
> | > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
> | > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
> | > <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
> | > <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
> | > <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
> | > <AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
> | > <#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
> | > <34gfuxBwFHA.2960(a)TK2MSFTNGXA01.phx.gbl>
> | > <Hlv7FVCwFHA.580(a)TK2MSFTNGXA01.phx.gbl>
> | > | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
> | > | Date: Fri, 23 Sep 2005 11:39:53 +0100
> | > | Lines: 1168
> | > | X-Priority: 3
> | > | X-MSMail-Priority: Normal
> | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
> | > | X-RFC2646: Format=Flowed; Original
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
> | > | Message-ID: <Oi6nhtCwFHA.552(a)TK2MSFTNGP12.phx.gbl>
> | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | NNTP-Posting-Host: 62.48.233.71
> | > | Path:
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
> | > | Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.windows.server.sbs:155851
> | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > |
> | > | Hi Charles,
> | > |
> | > | I went to DCOMCNFG and on the Launch permission it was empty, and I
> | > added
> | > | Everyone with (Launch permission---Allow)
> | > | and in the Access permission it is everyone (Access
> permission---Allow),
> | > so
> | > | I didn't have to change it.
> | > | Could not find anything that refered to (Local Activation Remote
> | > Activation)
> | > | or (Local Access Remote Access) as you sayd. Only (Launch
> Permission)
> | > and
> | > | (Access Permission).
> | > |
> | > | After applying the changes to DCOM I tryed to request a certificate,
> and
> | > the
> | > | same error ocurred. Duplicated a Template and still the same error.
> :(
> | > | "No certificate templates could be found. You do not have permission
> to
> | > | request a certificate from this CA,or an error occurred while
> accessing
> | > the
> | > | Active Directory."
> | > |
> | > | In response to your question, all the certificates templates, from
> the
> | > | pictures I sent you, that are greyd out have permissions issues, and
> | > don't
> | > | let me add or change permissions for those certificates.
> | > |
> | > | :(
> | > |
> | > |
> | > | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com> wrote in
> message
> | > | news:Hlv7FVCwFHA.580(a)TK2MSFTNGXA01.phx.gbl...
> | > | > HI PG,
> | > | >
> | > | > Thanks for updates.
> | > | >
> | > | > After making research, I find solutions for you, please refer to
> the
> | > steps
> | > | > below:
> | > | >
> | > | > 1 Open DCOMCNFG
> | > | > 2- Select Componect Services
> | > | > ---Computers
> | > | > ----My Computer
> | > | > ------Dcom Config
> | > | > ---- CertSrv Request
> | > | > 3- Open properties and verify Security permission for Launch and
> | > | > Activation
> | > | > Permissions (Should be Customize --Everyone ---Local Activation
> Remote
> | > | > Activation)
> | > | >
> | > | > Access Permissions (Should be Customize -Everyone ---Local Access
> | > Remote
> | > | > Access)
> | > | >
> | > | > If the issue still exists, please recreate a certificate template
> to
> | > see
> | > | > if
> | > | > the issue can be resolved. You can try to request a certificate
> via
> a
> | > new
> | > | > template. From your screenshot we found only one of the template
> you
> | > | > encountered permission issue, can we assume it is the certificate
> | > template
> | > | > you use for the certificate?
> | > | >
> | > | > Thanks for understanding on this issue, please feel free to post
> back.
> | > | >
> | > | >
> | > | >
> | > | > Best regards,
> | > | >
> | > | > Charles Yang (MSFT)
> | > | >
> | > | > Microsoft CSS Online Newsgroup Support
> | > | >
> | > | > Get Secure! - www.microsoft.com/security
> | > | >
> | > | > ======================================================
> | > | > This newsgroup only focuses on SBS technical issues. If you have
> | > issues
> | > | > regarding other Microsoft products, you'd better post in the
> | > corresponding
> | > | > newsgroups so that they can be resolved in an efficient and timely
> | > manner.
> | > | > You can locate the newsgroup here:
> | > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | > | >
> | > | > When opening a new thread via the web interface, we recommend you
> | > check
> | > | > the
> | > | > "Notify me of replies" box to receive e-mail notifications when
> there
> | > are
> | > | > any updates in your thread. When responding to posts via your
> | > newsreader,
> | > | > please "Reply to Group" so that others may learn and benefit from
> your
> | > | > issue.
> | > | >
> | > | > Microsoft engineers can only focus on one issue per thread.
> Although
> | > we
> | > | > provide other information for your reference, we recommend you
> post
> | > | > different incidents in different threads to keep the thread clean.
> In
> | > | > doing
> | > | > so, it will ensure your issues are resolved in a timely manner.
> | > | >
> | > | > For urgent issues, you may want to contact Microsoft CSS directly.
> | > Please
> | > | > check http://support.microsoft.com for regional support phone
> numbers.
> | > | >
> | > | > Any input or comments in this thread are highly appreciated.
> | > | > ======================================================
> | > | > This posting is provided "AS IS" with no warranties, and confers
> no
> | > | > rights.
> | > | >
> | > | >
> | > | > =====================================================
> | > | > When responding to posts, please "Reply to Group" via your
> newsreader
> | > so
> | > | > that others may learn and benefit from your issue.
> | > | > =====================================================
> | > | >
> | > | > This posting is provided "AS IS" with no warranties, and confers
> no
> | > | > rights.
> | > | >
> | > | > --------------------
> | > | > | X-Tomcat-ID: 138385008
> | > | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
> | > | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
> | > | > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
> | > | > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
> | > | > <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
> | > | > <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
> | > | > <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
> | > | > <AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
> | > | > <#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
> | > | > | MIME-Version: 1.0
> | > | > | Content-Type: text/plain
> | > | > | Content-Transfer-Encoding: 7bit
> | > | > | From: v-chayan(a)online.microsoft.com ("Charles Yang [MSFT]")
> | > | > | Organization: Microsoft
> | > | > | Date: Fri, 23 Sep 2005 08:54:33 GMT
> | > | > | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
> | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > | > | Message-ID: <34gfuxBwFHA.2960(a)TK2MSFTNGXA01.phx.gbl>
> | > | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | > | Lines: 797
> | > | > | Path: TK2MSFTNGXA01.phx.gbl
> | > | > | Xref: TK2MSFTNGXA01.phx.gbl
> | > microsoft.public.windows.server.sbs:155820
> | > | > | NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
> | > | > |
> | > | > | HI PG,
> | > | > |
> | > | > | Currently, I am performing research on this issue, I will return
> to
> | > you
> | > | > as
> | > | > | soon as possible, please understand that it might be some delay
> due
> | > to
> | > | > the
> | > | > | weekend.
> | > | > |
> | > | > | Thanks for your understanding.
> | > | > |
> | > | > |
> | > | > | Best regards,
> | > | > |
> | > | > | Charles Yang (MSFT)
> | > | > |
> | > | > | Microsoft CSS Online Newsgroup Support
> | > | > |
> | > | > | Get Secure! - www.microsoft.com/security
> | > | > |
> | > | > | ======================================================
> | > | > | This newsgroup only focuses on SBS technical issues. If you have
> | > issues
> | > | > | regarding other Microsoft products, you'd better post in the
> | > | > corresponding
> | > | > | newsgroups so that they can be resolved in an efficient and
> timely
> | > | > manner.
> | > | > | You can locate the newsgroup here:
> | > | > |
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | > | > |
> | > | > | When opening a new thread via the web interface, we recommend
> you
> | > check
> | > | > the
> | > | > | "Notify me of replies" box to receive e-mail notifications when
> | > there
> | > | > are
> | > | > | any updates in your thread. When responding to posts via your
> | > | > newsreader,
> | > | > | please "Reply to Group" so that others may learn and benefit
> from
> | > your
> | > | > | issue.
> | > | > |
> | > | > | Microsoft engineers can only focus on one issue per thread.
> Although
> | > we
> | > | > | provide other information for your reference, we recommend you
> post
> | > | > | different incidents in different threads to keep the thread
> clean.
> | > In
> | > | > doing
> | > | > | so, it will ensure your issues are resolved in a timely manner.
> | > | > |
> | > | > | For urgent issues, you may want to contact Microsoft CSS
> directly.
> | > | > Please
> | > | > | check http://support.microsoft.com for regional support phone
> | > numbers.
> | > | > |
> | > | > | Any input or comments in this thread are highly appreciated.
> | > | > | ======================================================
> | > | > | This posting is provided "AS IS" with no warranties, and confers
> no
> | > | > rights.
> | > | > |
> | > | > |
> | > | > | =====================================================
> | > | > | When responding to posts, please "Reply to Group" via your
> | > newsreader
> | > so
> | > | > | that others may learn and benefit from your issue.
> | > | > | =====================================================
> | > | > |
> | > | > | This posting is provided "AS IS" with no warranties, and confers
> no
> | > | > rights.
> | > | > |
> | > | > | --------------------
> | > | > | | From: "PG" <*@*.*>
> | > | > | | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
> | > | > | <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
> | > | > | <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
> | > | > | <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
> | > | > | <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
> | > | > | <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
> | > | > | <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
> | > | > | <AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
> | > | > | | Subject: Re: SBS2003Premium Certification Authority from
> HELL!!!
> | > | > | | Date: Thu, 22 Sep 2005 11:32:11 +0100
> | > | > | | Lines: 785
> | > | > | | X-Priority: 3
> | > | > | | X-MSMail-Priority: Normal
> | > | > | | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
> | > | > | | X-RFC2646: Format=Flowed; Original
> | > | > | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
> | > | > | | Message-ID: <#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
> | > | > | | Newsgroups: microsoft.public.windows.server.sbs
> | > | > | | NNTP-Posting-Host: 62.48.233.71
> | > | > | | Path:
> | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
> | > | > | | Xref: TK2MSFTNGXA01.phx.gbl
> | > microsoft.public.windows.server.sbs:155518
> | > | > | | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > | > | |
> | > | > | | Hi Charles,
> | > | > | |
> | > | > | | 1. I sent all the logs you requested to your e-mail.
> | > | > | |
> | > | > | | 2. Done that also.
> | > | > | |
> | > | > | | 3. No changes done...that I can remember
> | > | > | |
> | > | > | | Thanks
> | > | > | |
> | > | > | | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com> wrote
> in
> | > | > message
> | > | > | | news:AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl...
> | > | > | | > Hi PG,
> | > | > | | >
> | > | > | | > After checking your screen shot, we decide to collect more
> | > | > information,
> | > | > | as
> | > | > | | > this issue should relate to AD setting:
> | > | > | | >
> | > | > | | > 1. Please send me all the event log except the application
> and
> | > | > system
> | > | > | | > event
> | > | > | | > log that you have already sent to me.
> | > | > | | > 2. please also run netdiag -v and dcdiag -v on the SBS
> server
> | > and
> | > | > send
> | > | > | the
> | > | > | | > results to me also.
> | > | > | | > 3. If possible, could you tell us if have changed any
> setting
> on
> | > AD
> | > | > or
> | > | > | on
> | > | > | | > SBS server. As the screen shot point that you have some
> problem
> | > in
> | > | > query
> | > | > | | > user objects on DC.
> | > | > | | >
> | > | > | | > I appreciate your effort on this issue.
> | > | > | | >
> | > | > | | >
> | > | > | | >
> | > | > | | > Best regards,
> | > | > | | >
> | > | > | | > Charles Yang (MSFT)
> | > | > | | >
> | > | > | | > Microsoft CSS Online Newsgroup Support
> | > | > | | >
> | > | > | | > Get Secure! - www.microsoft.com/security
> | > | > | | >
> | > | > | | > ======================================================
> | > | > | | > This newsgroup only focuses on SBS technical issues. If you
> have
> | > | > issues
> | > | > | | > regarding other Microsoft products, you'd better post in the
> | > | > | corresponding
> | > | > | | > newsgroups so that they can be resolved in an efficient and
> | > timely
> | > | > | manner.
> | > | > | | > You can locate the newsgroup here:
> | > | > | | >
> | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | > | > | | >
> | > | > | | > When opening a new thread via the web interface, we
> recommend
> | > you
> | > | > check
> | > | > | | > the
> | > | > | | > "Notify me of replies" box to receive e-mail notifications
> when
> | > | > there
> | > | > | are
> | > | > | | > any updates in your thread. When responding to posts via
> your
> | > | > | newsreader,
> | > | > | | > please "Reply to Group" so that others may learn and benefit
> | > from
> | > | > your
> | > | > | | > issue.
> | > | > | | >
> | > | > | | > Microsoft engineers can only focus on one issue per thread.
> | > Although
> | > | > we
> | > | > | | > provide other information for your reference, we recommend
> you
> | > post
> | > | > | | > different incidents in different threads to keep the thread
> | > clean.
> | > | > In
> | > | > | | > doing
> | > | > | | > so, it will ensure your issues are resolved in a timely
> manner.
> | > | > | | >
> | > | > | | > For urgent issues, you may want to contact Microsoft CSS
> | > directly.
> | > | > | Please
> | > | > | | > check http://support.microsoft.com for regional support
> phone
> | > | > numbers.
> | > | > | | >
> | > | > | | > Any input or comments in this thread are highly appreciated.
> | > | > | | > ======================================================
> | > | > | | > This posting is provided "AS IS" with no warranties, and
> confers
> | > no
> | > | > | | > rights.
> | > | > | | >
> | > | > | | >
> | > | > | | > =====================================================
> | > | > | | > When responding to posts, please "Reply to Group" via your
> | > | > newsreader
> | > | > so
> | > | > | | > that others may learn and benefit from your issue.
> | > | > | | > =====================================================
> | > | > | | >
> | > | > | | > This posting is provided "AS IS" with no warranties, and
> confers
> | > no
> | > | > | | > rights.
> | > | > | | >
> | > | > | | > --------------------
> | > | > | | > | From: "PG" <*@*.*>
> | > | > | | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
> | > | > | | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
> | > | > | | > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
> | > | > | | > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
> | > | > | | > <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
> | > | > | | > <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
> | > | > | | > | Subject: Re: SBS2003Premium Certification Authority from
> | > HELL!!!
> | > | > | | > | Date: Thu, 22 Sep 2005 09:31:33 +0100
> | > | > | | > | Lines: 597
> | > | > | | > | X-Priority: 3
> | > | > | | > | X-MSMail-Priority: Normal
> | > | > | | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
> | > | > | | > | X-RFC2646: Format=Flowed; Original
> | > | > | | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
> | > | > | | > | Message-ID: <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
> | > | > | | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | > | | > | NNTP-Posting-Host: 62.48.233.71
> | > | > | | > | Path:
> | > | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
> | > | > | | > | Xref: TK2MSFTNGXA01.phx.gbl
> | > | > microsoft.public.windows.server.sbs:155493
> | > | > | | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > | > | | > |
> | > | > | | > | Hi Charles,
> | > | > | | > |
> | > | > | | > | I started to go through the points you reffered bellow
> and
> | > on
> | > | > the
> | > | > | | > second
> | > | > | | > | point(Permissions settings) everything checked out ok
> except
> | > for
> | > | > the
> | > | > | | > | certificates templates permissions again, I'm unable to
> change
> | > | > | | > permissions
> | > | > | | > | on some certificates, but others are ok! I'm sending you
> some
> | > | > | compressed
> | > | > | | > | pictures to your e-mail so you can try and see if this is
> | > normal,
> | > | > or
> | > | > | | > not.
> | > | > | | > | I didn't want to continue following your
> suggestions(to
> | > | > reinstall
> | > | > | | > the
> | > | > | | > | CA) before you had a look at the pictures I sent you.
> | > | > | | > |
> | > | > | | > | Thanks
> | > | > | | > | PG
> | > | > | | > |
> | > | > | | > | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com>
> wrote
> | > in
> | > | > | message
> | > | > | | > | news:MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl...
> | > | > | | > | > Hi,
> | > | > | | > | >
> | > | > | | > | > Thanks for updates.
> | > | > | | > | >
> | > | > | | > | > After carefully checking your log, we did not find any
> | > relate
> | > | > | | > information,
> | > | > | | > | > please note that it might take some time to do the task.
> | > | > | | > | >
> | > | > | | > | > For this issue, I have some suggestion below:
> | > | > | | > | >
> | > | > | | > | > Can I assume that you want to set up the SBS 2003
> premium
> as
> | > a
> | > | > CA
> | > | > | | > server,
> | > | > | | > | > so that when user logon to website, they require the
> | > | > certificate,
> | > | > | | > which
> | > | > | | > | > purpose you want to use for this certificate for VPN
> issue
> | > or
> | > | > for
> | > | > a
> | > | > | | > | > website? From your log, it seems to be used for IPSec
> VPN.
> | > | > | | > | >
> | > | > | | > | > 1. Please change the website you use for web
> enrollment's
> | > | > | | > authentication
> | > | > | | > | > method from anonymous to Windows Authentication.
> | > | > | | > | > 2. Please refer to the KB article below to check the
> | > permission
> | > | > | | > setting
> | > | > | | > | > for
> | > | > | | > | > CA, make sure that you have go through the article to
> double
> | > | > check
> | > | > | it:
> | > | > | | > | >
> | > | > | | > | > Q239706 Default Permission Settings for Enterprise
> | > Certificate
> | > | > | | > Authority
> | > | > | | > | > http://support.microsoft.com/default.aspx?scid=kb;EN-US
> | > | > | | > | >
> | > | > | | > | > 3. If the issue still exists, please follow the steps to
> | > | > reinstall
> | > | > | the
> | > | > | | > CA
> | > | > | | > | > server:
> | > | > | | > | >
> | > | > | | > | > A. Opened regedit and went to HKLM\system\CCS\services
> and
> | > | > | deleted
> | > | > | | > the
> | > | > | | > | > certsrv key
> | > | > | | > | > B. Opened the file system and deleted
> | > c:\winnt\system32\certserv
> | > | > | | > folder
> | > | > | | > | > and
> | > | > | | > | > contents
> | > | > | | > | > C. Opened up AD sites and services and deleted and in
> | > | > | services\public
> | > | > | | > key
> | > | > | | > | > services
> | > | > | | > | >
> | > | > | | > | > Please deleted all the contents of the containers
> leaving
> | > the
> | > | > empty
> | > | > | | > | > containers with the exception of the templates
> container.
> | > Note,
> | > | > | please
> | > | > | | > | > perform a backup for registry.
> | > | > | | > | >
> | > | > | | > | > If the issue still exist, you have to refer to the KB
> | > article
> | > | > below
> | > | > | to
> | > | > | | > | > change the log level of certificate then reproduce the
> issue
> | > | > check
> | > | > | the
> | > | > | | > | > event log again.
> | > | > | | > | >
> | > | > | | > | > 305018 How to Change the Event Logging Level for
> Certificate
> | > | > | Services
> | > | > | | > | > http://support.microsoft.com/?id=305018
> | > | > | | > | >
> | > | > | | > | > Thanks for your efforts. I will be here waiting for
> updates.
> | > | > | | > | >
> | > | > | | > | >
> | > | > | | > | >
> | > | > | | > | > Best regards,
> | > | > | | > | >
> | > | > | | > | > Charles Yang (MSFT)
> | > | > | | > | >
> | > | > | | > | > Microsoft CSS Online Newsgroup Support
> | > | > | | > | >
> | > | > | | > | > Get Secure! - www.microsoft.com/security
> | > | > | | > | >
> | > | > | | > | > ======================================================
> | > | > | | > | > This newsgroup only focuses on SBS technical issues. If
> you
> | > have
> | > | > | | > issues
> | > | > | | > | > regarding other Microsoft products, you'd better post in
> the
> | > | > | | > corresponding
> | > | > | | > | > newsgroups so that they can be resolved in an efficient
> and
> | > | > timely
> | > | > | | > manner.
> | > | > | | > | > You can locate the newsgroup here:
> | > | > | | > | >
> | > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | > | > | | > | >
> | > | > | | > | > When opening a new thread via the web interface, we
> | > recommend
> | > | > you
> | > | > | | > check
> | > | > | | > | > the
> | > | > | | > | > "Notify me of replies" box to receive e-mail
> notifications
> | > when
> | > | > | there
> | > | > | | > are
> | > | > | | > | > any updates in your thread. When responding to posts via
> | > your
> | > | > | | > newsreader,
> | > | > | | > | > please "Reply to Group" so that others may learn and
> benefit
> | > | > from
> | > | > | your
> | > | > | | > | > issue.
> | > | > | | > | >
> | > | > | | > | > Microsoft engineers can only focus on one issue per
> thread.
> | > | > | Although
> | > | > | | > we
> | > | > | | > | > provide other information for your reference, we
> recommend
> | > you
> | > | > post
> | > | > | | > | > different incidents in different threads to keep the
> thread
> | > | > clean.
> | > | > | In
> | > | > | | > | > doing
> | > | > | | > | > so, it will ensure your issues are resolved in a timely
> | > manner.
> | > | > | | > | >
> | > | > | | > | > For urgent issues, you may want to contact Microsoft CSS
> | > | > directly.
> | > | > | | > Please
> | > | > | | > | > check http://support.microsoft.com for regional support
> | > phone
> | > | > | numbers.
> | > | > | | > | >
> | > | > | | > | > Any input or comments in this thread are highly
> appreciated.
> | > | > | | > | > ======================================================
> | > | > | | > | > This posting is provided "AS IS" with no warranties, and
> | > confers
> | > | > no
> | > | > | | > | > rights.
> | > | > | | > | >
> | > | > | | > | >
> | > | > | | > | > =====================================================
> | > | > | | > | > When responding to posts, please "Reply to Group" via
> your
> | > | > | newsreader
> | > | > | | > so
> | > | > | | > | > that others may learn and benefit from your issue.
> | > | > | | > | > =====================================================
> | > | > | | > | >
> | > | > | | > | > This posting is provided "AS IS" with no warranties, and
> | > confers
> | > | > no
> | > | > | | > | > rights.
> | > | > | | > | >
> | > | > | | > | > --------------------
> | > | > | | > | > | From: "PG" <*@*.*>
> | > | > | | > | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
> | > | > | | > | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
> | > | > | | > | > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
> | > | > | | > | > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
> | > | > | | > | > | Subject: Re: SBS2003Premium Certification Authority
> from
> | > | > HELL!!!
> | > | > | | > | > | Date: Wed, 21 Sep 2005 11:33:30 +0100
> | > | > | | > | > | Lines: 401
> | > | > | | > | > | X-Priority: 3
> | > | > | | > | > | X-MSMail-Priority: Normal
> | > | > | | > | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
> | > | > | | > | > | X-RFC2646: Format=Flowed; Original
> | > | > | | > | > | X-MimeOLE: Produced By Microsoft MimeOLE
> V6.00.3790.1830
> | > | > | | > | > | Message-ID: <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
> | > | > | | > | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | > | | > | > | NNTP-Posting-Host: 62.48.233.71
> | > | > | | > | > | Path:
> | > | > | | >
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
> | > | > | | > | > | Xref: TK2MSFTNGXA01.phx.gbl
> | > | > | | > microsoft.public.windows.server.sbs:155186
> | > | > | | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > | > | | > | > |
> | > | > | | > | > | I've sent you the log's as you requested Charles...
> | > | > | | > | > |
> | > | > | | > | > | Thanks for the help
> | > | > | | > | > |
> | > | > | | > | > | ""Charles Yang [MSFT]""
> <v-chayan(a)online.microsoft.com>
> | > wrote
> | > | > in
> | > | > | | > message
> | > | > | | > | > | news:biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl...
> | > | > | | > | > | > HI PG,
> | > | > | | > | > | >
> | > | > | | > | > | > Thanks for updates.
> | > | > | | > | > | >
> | > | > | | > | > | > In order to make the issue more clear, could you
> send
> me
> | > the
> | > | > | | > | > application
> | > | > | | > | > | > log and system event log so that we can isolate the
> | > issue
> | > | > more
> | > | > | | > | > clearly,
> | > | > | | > | > | > you
> | > | > | | > | > | > can compress the log files and send to my mailbox.
> | > | > | | > | > | >
> | > | > | | > | > | > v-chayan(a)microsoft.com
> | > | > | | > | > | >
> | > | > | | > | > | > Thanks for your understanding.
> | > | > | | > | > | >
> | > | > | | > | > | >
> | > | > | | > | > | >
> | > | > | | > | > | > Best regards,
> | > | > | | > | > | >
> | > | > | | > | > | > Charles Yang (MSFT)
> | > | > | | > | > | >
> | > | > | | > | > | > Microsoft CSS Online Newsgroup Support
> | > | > | | > | > | >
> | > | > | | > | > | > Get Secure! - www.microsoft.com/security
> | > | > | | > | > | >
> | > | > | | > | > | >
> ======================================================
> | > | > | | > | > | > This newsgroup only focuses on SBS technical issues.
> If
> | > you
> | > | > have
> | > | > | | > | > issues
> | > | > | | > | > | > regarding other Microsoft products, you'd better
> post
> in
> | > the
> | > | > | | > | > corresponding
> | > | > | | > | > | > newsgroups so that they can be resolved in an
> efficient
> | > and
> | > | > | timely
> | > | > | | > | > manner.
> | > | > | | > | > | > You can locate the newsgroup here:
> | > | > | | > | > | >
> | > | > |
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | > | > | | > | > | >
> | > | > | | > | > | > When opening a new thread via the web interface, we
> | > | > recommend
> | > | > | you
> | > | > | | > | > check
> | > | > | | > | > | > the
> | > | > | | > | > | > "Notify me of replies" box to receive e-mail
> | > notifications
> | > | > when
> | > | > | | > there
> | > | > | | > | > are
> | > | > | | > | > | > any updates in your thread. When responding to posts
> via
> | > | > your
> | > | > | | > | > newsreader,
> | > | > | | > | > | > please "Reply to Group" so that others may learn and
> | > benefit
> | > | > | from
> | > | > | | > your
> | > | > | | > | > | > issue.
> | > | > | | > | > | >
> | > | > | | > | > | > Microsoft engineers can only focus on one issue per
> | > thread.
> | > | > | | > Although
> | > | > | | > | > we
> | > | > | | > | > | > provide other information for your reference, we
> | > recommend
> | > | > you
> | > | > | | > post
> | > | > | | > | > | > different incidents in different threads to keep the
> | > thread
> | > | > | clean.
> | > | > | | > In
> | > | > | | > | > | > doing
> | > | > | | > | > | > so, it will ensure your issues are resolved in a
> timely
> | > | > manner.
> | > | > | | > | > | >
> | > | > | | > | > | > For urgent issues, you may want to contact Microsoft
> CSS
> | > | > | directly.
> | > | > | | > | > Please
> | > | > | | > | > | > check http://support.microsoft.com for regional
> support
> | > | > phone
> | > | > | | > numbers.
> | > | > | | > | > | >
> | > | > | | > | > | > Any input or comments in this thread are highly
> | > appreciated.
> | > | > | | > | > | >
> ======================================================
> | > | > | | > | > | > This posting is provided "AS IS" with no warranties,
> and
> | > | > | confers
> | > | > | | > no
> | > | > | | > | > | > rights.
> | > | > | | > | > | >
> | > | > | | > | > | >
> | > | > | | > | > | >
> =====================================================
> | > | > | | > | > | > When responding to posts, please "Reply to Group"
> via
> | > your
> | > | > | | > newsreader
> | > | > | | > | > so
> | > | > | | > | > | > that others may learn and benefit from your issue.
> | > | > | | > | > | >
> =====================================================
> | > | > | | > | > | >
> | > | > | | > | > | > This posting is provided "AS IS" with no warranties,
> and
> | > | > | confers
> | > | > | | > no
> | > | > | | > | > | > rights.
> | > | > | | > | > | >
> | > | > | | > | > | > --------------------
> | > | > | | > | > | > | From: "PG" <*@*.*>
> | > | > | | > | > | > | References:
> <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
> | > | > | | > | > | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
> | > | > | | > | > | > | Subject: Re: SBS2003Premium Certification
> Authority
> | > from
> | > | > | HELL!!!
> | > | > | | > | > | > | Date: Tue, 20 Sep 2005 13:28:25 +0100
> | > | > | | > | > | > | Lines: 269
> | > | > | | > | > | > | X-Priority: 3
> | > | > | | > | > | > | X-MSMail-Priority: Normal
> | > | > | | > | > | > | X-Newsreader: Microsoft Outlook Express
> 6.00.3790.1830
> | > | > | | > | > | > | X-RFC2646: Format=Flowed; Original
> | > | > | | > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE
> | > V6.00.3790.1830
> | > | > | | > | > | > | Message-ID:
> <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
> | > | > | | > | > | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | > | | > | > | > | NNTP-Posting-Host: 62.48.233.71
> | > | > | | > | > | > | Path:
> | > | > | | > | >
> | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
> | > | > | | > | > | > | Xref: TK2MSFTNGXA01.phx.gbl
> | > | > | | > | > microsoft.public.windows.server.sbs:154800
> | > | > | | > | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > | > | | > | > | > |
> | > | > | | > | > | > | Thanks for your reply Charles
> | > | > | | > | > | > |
> | > | > | | > | > | > | Responses to your questions follow, and are in
> line:
> | > | > | | > | > | > |
> | > | > | | > | > | > |
> | > | > | | > | > | > | ""Charles Yang [MSFT]""
> | > <v-chayan(a)online.microsoft.com>
> | > | > wrote
> | > | > | in
> | > | > | | > | > message
> | > | > | | > | > | > | news:tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl...
> | > | > | | > | > | > | > HI PG,
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > Welcome to SBS newsgroup.
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > Issue description:
> | > | > | | > | > | > | > ================
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > I understand that you encountered some problem
> when
> | > | > using
> | > | > | CA
> | > | > | | > on
> | > | > | | > | > SBS
> | > | > | | > | > | > 2003
> | > | > | | > | > | > | > premium.
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > Analyzing and suggestions:
> | > | > | | > | > | > | > ================
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > Generally speaking, the error you encountered
> can
> be
> | > | > caused
> | > | > | by
> | > | > | | > | > many
> | > | > | | > | > | > | > factors, in order to make the issue more clear,
> | > please
> | > | > | refer
> | > | > | | > to
> | > | > | | > my
> | > | > | | > | > | > | > suggestions below to gather more information:
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > 1. If possible, please send me the event log for
> | > further
> | > | > | | > research,
> | > | > | | > | > it
> | > | > | | > | > | > | > should include more information which can help
> us
> | > | > determine
> | > | > | | > which
> | > | > | | > | > | > kinds
> | > | > | | > | > | > of
> | > | > | | > | > | > | > error you encountered, you can send the log
> files
> to
> | > my
> | > | > | email
> | > | > | | > box.
> | > | > | | > | > | > | > v-chayan(a)microsoft.com.
> | > | > | | > | > | > |
> | > | > | | > | > | > | There is nothing recorded in the logs, when the
> | > error's
> | > | > occur.
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 2. Does the issue occur from the client's
> computer
> | > or
> | > | > from
> | > | > | the
> | > | > | | > | > server
> | > | > | | > | > | > | > side?
> | > | > | | > | > | > |
> | > | > | | > | > | > | Both! It occur's when I request a certificate from
> the
> | > | > client
> | > | > | | > and
> | > | > | | > | > from
> | > | > | | > | > | > the
> | > | > | | > | > | > | server! :( Via Web request or MMC snap-in
> | > | > | | > | > | > |
> | > | > | | > | > | > |
> | > | > | | > | > | > | >
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > Let's first check the following:
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > 1. Go to the CA Server, go to Services.msc
> console,
> | > make
> | > | > | sure
> | > | > | | > that
> | > | > | | > | > the
> | > | > | | > | > | > | > Certificate Service is started.
> | > | > | | > | > | > |
> | > | > | | > | > | > | Check
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 2. Open Certificate Authority, make sure that it
> can
> | > be
> | > | > | | > opened.
> | > | > | | > | > | > |
> | > | > | | > | > | > | Check
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 3. If you are using Enterprise CA, go to the
> | > Certificate
> | > | > | | > Template
> | > | > | | > | > in
> | > | > | | > | > | > the
> | > | > | | > | > | > | > Certificate Authority, make sure that necessary
> | > | > Certificate
> | > | > | | > | > Template
> | > | > | | > | > | > is
> | > | > | | > | > | > | > added and listed in the right panel.
> | > | > | | > | > | > |
> | > | > | | > | > | > | Check
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 4. On the CA Server, click Start -> Run, type
> MMC
> | > and
> | > | > click
> | > | > | | > OK.
> | > | > | | > | > Click
> | > | > | | > | > | > File
> | > | > | | > | > | > | > -> Add/Remove Snap-in, click Add button, select
> | > | > Certificate,
> | > | > | | > click
> | > | > | | > | > | > Add,
> | > | > | | > | > | > | > select Computer Account and click next. Select
> Local
> | > | > | Computer,
> | > | > | | > | > click
> | > | > | | > | > | > | > Finish
> | > | > | | > | > | > | > and then Close.
> | > | > | | > | > | > |
> | > | > | | > | > | > | Check
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 5. Expand the Certificate (Local
> | > | > | | > Computer)\Personal\Certificate,
> | > | > | | > | > check
> | > | > | | > | > | > if
> | > | > | | > | > | > | > the Root certificate exists. It's 'issued by'
> and
> | > | > 'issued
> | > | > | to'
> | > | > | | > | > should
> | > | > | | > | > | > be
> | > | > | | > | > | > | > itself. Then please check if the root
> certificate
> is
> | > | > still
> | > | > | | > alive.
> | > | > | | > | > If
> | > | > | | > | > | > it
> | > | > | | > | > | > is
> | > | > | | > | > | > | > expired, right click the Certificate, select All
> | > | > Tasks ->
> | > | > | | > Renew
> | > | > | | > | > | > | > Certificate
> | > | > | | > | > | > | > with Same Key. Then renew the user certificate
> and
> | > let
> | > | > me
> | > | > | know
> | > | > | | > how
> | > | > | | > | > | > | > everything is going.
> | > | > | | > | > | > | > NOTE: Please check the Certificate Authority to
> make
> | > | > sure
> | > | > | that
> | > | > | | > | > these
> | > | > | | > | > | > | > client
> | > | > | | > | > | > | > certificate are not revoked before you renew the
> | > | > | certificate.
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > If the issue still exists, please check if the
> CA
> | > | > computer
> | > | > | | > where
> | > | > | | > | > you
> | > | > | | > | > | > start
> | > | > | | > | > | > | > the Certificate Web Enrollment from is set to
> trust
> | > for
> | > | > | | > | > delegation.
> | > | > | | > | > To
> | > | > | | > | > | > do
> | > | > | | > | > | > | > so:
> | > | > | | > | > | > | > 1. Log on as a domain administrator or
> equivalent
> | > | > account.
> | > | > | | > | > | > | > 2. Click Start, point to Programs, point to
> | > | > Administrative
> | > | > | | > Tools,
> | > | > | | > | > and
> | > | > | | > | > | > then
> | > | > | | > | > | > | > click "Active Directory Users and Computers".
> | > | > | | > | > | > | > 3. In the left pane, locate the container or
> | > | > organizational
> | > | > | | > unit
> | > | > | | > | > (OU)
> | > | > | | > | > | > on
> | > | > | | > | > | > | > which you want to enable delegation.
> | > | > | | > | > | > | > 4. Right-click the computer account name, and
> then
> | > click
> | > | > | | > | > Properties.
> | > | > | | > | > | > | > 5. On the General tab, click Trust computer for
> | > | > delegation.
> | > | > | | > | > | > | > 6. Click OK.
> | > | > | | > | > | > | > 7. Quit Active Directory Users and Computers.
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > For more info, please refer to:
> | > | > | | > | > | > | > 300867 Error Message: The Certification
> Authority
> | > | > Service
> | > | > | Has
> | > | > | | > Not
> | > | > | | > | > Been
> | > | > | | > | > | > | > Started
> | > | > | | > | > | > | > http://support.microsoft.com/?id=300867
> | > | > | | > | > | > |
> | > | > | | > | > | > | The certificate is alive until 16/9/2010! So I
> didn't
> | > | > renew
> | > | > | it.
> | > | > | | > | > | > |
> | > | > | | > | > | > |
> | > | > | | > | > | > | >
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > This issue may also occur if the Domain Users
> group
> | > on
> | > | > the
> | > | > | | > child
> | > | > | | > | > | > domain
> | > | > | | > | > | > | > does not have the right to enroll a user
> template.
> | > To
> | > | > have a
> | > | > | | > | > check:
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > 1. Logon to CA Server as Enterprise
> Administrator
> | > | > | | > | > | > |
> | > | > | | > | > | > | check
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 2. Click Start, click Programs, click
> Administrative
> | > | > Tools,
> | > | > | | > and
> | > | > | | > | > then
> | > | > | | > | > | > click
> | > | > | | > | > | > | > the "Active Directory Sites and Services"
> snap-in.
> | > | > | | > | > | > |
> | > | > | | > | > | > | check
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 3. In MMC, right-click the "Active Directory
> Sites
> | > and
> | > | > | | > Services"
> | > | > | | > | > | > snap-in,
> | > | > | | > | > | > | > click View, and then click "Show Services Mode".
> | > This
> | > | > allows
> | > | > | | > you
> | > | > | | > | > to
> | > | > | | > | > | > view
> | > | > | | > | > | > | > the Services folder, which is hidden from view
> by
> | > | > default.
> | > | > | | > | > | > |
> | > | > | | > | > | > | Check
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 4. From the "Active Directory Sites and
> Services"
> | > | > snap-in,
> | > | > | | > click
> | > | > | | > | > | > Services,
> | > | > | | > | > | > | > click Public Key Services, and then click
> | > Certificate
> | > | > | | > Templates.
> | > | > | | > | > This
> | > | > | | > | > | > | > reveals the complete list of published
> certificate
> | > | > | templates
> | > | > | | > in
> | > | > | | > | > Active
> | > | > | | > | > | > | > Directory.
> | > | > | | > | > | > |
> | > | > | | > | > | > | Check
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 5. Double-click the User certificate template to
> | > view
> | > | > the
> | > | > | | > | > properties.
> | > | > | | > | > | > |
> | > | > | | > | > | > | Check
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 6. On the Security tab, click Add to add the
> Domain
> | > | > Users
> | > | > | | > group
> | > | > | | > to
> | > | > | | > | > the
> | > | > | | > | > | > | > list.
> | > | > | | > | > | > |
> | > | > | | > | > | > | The group domain users wasn't there so I added it
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 7. For the Domain Users group, select the Read
> and
> | > | > Enroll
> | > | > | | > rights.
> | > | > | | > | > | > |
> | > | > | | > | > | > | When I tryed to apply the changes it gave the
> | > following
> | > | > error:
> | > | > | | > | > | > |
> | > | > | | > | > | > | "Unable to save permission changes on
> | > | > | | > | > | > |
> | > LDAP://SBS2003PDC.CONTIMETRA.LOCAL/CN=USER,CN=CERTIFICATE
> | > | > | | > | > | > | TEMPLATES,CN=PUBLIC KEY
> | > | > | | > | > | > |
> | > | > SERVICES,CN=SERVICES,CN=CONFIGURATION,DC=CONTIMETRA,DC=LOCAL
> | > | > | | > | > | > |
> | > | > | | > | > | > | ACCESS IS DENIED"
> | > | > | | > | > | > |
> | > | > | | > | > | > |
> | > | > | | > | > | > | > 8. Restart the computer.
> | > | > | | > | > | > |
> | > | > | | > | > | > | Didn't do it because no changes were made!
> | > | > | | > | > | > |
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > For more info, please refer to:
> | > | > | | > | > | > | > 271861 Windows Cannot Find a Certificate
> Authority
> | > That
> | > | > | | > Processes
> | > | > | | > | > the
> | > | > | | > | > | > | > Request
> | > | > | | > | > | > | > http://support.microsoft.com/?id=271861
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > NOTE: Request from MMC only works if it is a
> | > Enterprise
> | > | > CA.
> | > | > | To
> | > | > | | > | > stand
> | > | > | | > | > | > alone
> | > | > | | > | > | > | > CA, you must request certificate by WEB.
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > I appreciate your understanding and please paste
> | > your
> | > | > | results
> | > | > | | > as
> | > | > | | > | > your
> | > | > | | > | > | > | > convenience, It is important for us to isolate
> the
> | > | > issue.
> | > | > I
> | > | > | am
> | > | > | | > | > glad
> | > | > | | > | > to
> | > | > | | > | > | > | > help
> | > | > | | > | > | > | > you.
> | > | > | | > | > | > | >
> | > | > | | > | > | > | >
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > Best regards,
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > Charles Yang (MSFT)
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > Microsoft CSS Online Newsgroup Support
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > Get Secure! - www.microsoft.com/security
> | > | > | | > | > | > | >
> | > | > | | > | > | > | >
> | > ======================================================
> | > | > | | > | > | > | > This newsgroup only focuses on SBS technical
> issues.
> | > If
> | > | > you
> | > | > | | > have
> | > | > | | > | > | > issues
> | > | > | | > | > | > | > regarding other Microsoft products, you'd better
> | > post
> | > in
> | > | > the
> | > | > | | > | > | > corresponding
> | > | > | | > | > | > | > newsgroups so that they can be resolved in an
> | > efficient
> | > | > and
> | > | > | | > timely
> | > | > | | > | > | > manner.
> | > | > | | > | > | > | > You can locate the newsgroup here:
> | > | > | | > | > | > | >
> | > | > | | >
> | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > When opening a new thread via the web interface,
> we
> | > | > | recommend
> | > | > | | > you
> | > | > | | > | > | > check
> | > | > | | > | > | > | > the
> | > | > | | > | > | > | > "Notify me of replies" box to receive e-mail
> | > | > notifications
> | > | > | | > when
> | > | > | | > | > there
> | > | > | | > | > | > are
> | > | > | | > | > | > | > any updates in your thread. When responding to
> posts
> | > via
> | > | > | your
> | > | > | | > | > | > newsreader,
> | > | > | | > | > | > | > please "Reply to Group" so that others may learn
> and
> | > | > benefit
> | > | > | | > from
> | > | > | | > | > your
> | > | > | | > | > | > | > issue.
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > Microsoft engineers can only focus on one issue
> per
> | > | > thread.
> | > | > | | > | > Although
> | > | > | | > | > | > we
> | > | > | | > | > | > | > provide other information for your reference, we
> | > | > recommend
> | > | > | you
> | > | > | | > | > post
> | > | > | | > | > | > | > different incidents in different threads to keep
> the
> | > | > thread
> | > | > | | > clean.
> | > | > | | > | > In
> | > | > | | > | > | > | > doing
> | > | > | | > | > | > | > so, it will ensure your issues are resolved in a
> | > timely
> | > | > | | > manner.
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > For urgent issues, you may want to contact
> Microsoft
> | > CSS
> | > | > | | > directly.
> | > | > | | > | > | > Please
> | > | > | | > | > | > | > check http://support.microsoft.com for regional
> | > support
> | > | > | phone
> | > | > | | > | > numbers.
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > Any input or comments in this thread are highly
> | > | > appreciated.
> | > | > | | > | > | > | >
> | > ======================================================
> | > | > | | > | > | > | > This posting is provided "AS IS" with no
> warranties,
> | > and
> | > | > | | > confers
> | > | > | | > | > no
> | > | > | | > | > | > | > rights.
> | > | > | | > | > | > | >
> | > | > | | > | > | > | >
> | > | > | | > | > | > | >
> | > =====================================================
> | > | > | | > | > | > | > When responding to posts, please "Reply to
> Group"
> | > via
> | > | > your
> | > | > | | > | > newsreader
> | > | > | | > | > | > so
> | > | > | | > | > | > | > that others may learn and benefit from your
> issue.
> | > | > | | > | > | > | >
> | > =====================================================
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > This posting is provided "AS IS" with no
> warranties,
> | > and
> | > | > | | > confers
> | > | > | | > | > no
> | > | > | | > | > | > | > rights.
> | > | > | | > | > | > | >
> | > | > | | > | > | > | > --------------------
> | > | > | | > | > | > | > | From: "PG" <*@*.*>
> | > | > | | > | > | > | > | Subject: SBS2003Premium Certification
> Authority
> | > from
> | > | > | HELL!!!
> | > | > | | > | > | > | > | Date: Fri, 16 Sep 2005 11:35:46 +0100
> | > | > | | > | > | > | > | Lines: 25
> | > | > | | > | > | > | > | X-Priority: 3
> | > | > | | > | > | > | > | X-MSMail-Priority: Normal
> | > | > | | > | > | > | > | X-Newsreader: Microsoft Outlook Express
> | > 6.00.3790.1830
> | > | > | | > | > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE
> | > | > V6.00.3790.1830
> | > | > | | > | > | > | > | X-RFC2646: Format=Flowed; Original
> | > | > | | > | > | > | > | Message-ID:
> | > <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
> | > | > | | > | > | > | > | Newsgroups:
> microsoft.public.windows.server.sbs
> | > | > | | > | > | > | > | NNTP-Posting-Host: 62.48.233.71
> | > | > | | > | > | > | > | Path:
> | > | > | | > | > | >
> | > | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
> | > | > | | > | > | > | > | Xref: TK2MSFTNGXA01.phx.gbl
> | > | > | | > | > | > microsoft.public.windows.server.sbs:153926
> | > | > | | > | > | > | > | X-Tomcat-NG:
> microsoft.public.windows.server.sbs
> | > | > | | > | > | > | > |
> | > | > | | > | > | > | > | Hi everybody,
> | > | > | | > | > | > | > |
> | > | > | | > | > | > | > | When I try to request a certificate from
> my
> | > | > | Enterprise
> | > | > | | > CA
> | > | > | | > | > | > installed
> | > | > | | > | > | > | > on
> | > | > | | > | > | > | > | SBS2003Premium It gives the following error
> :"No
> | > | > | certificate
> | > | > | | > | > | > templates
> | > | > | | > | > | > | > could
> | > | > | | > | > | > | > | be found. You do not have permission to
> request
> a
> | > | > | | > certificate
> | > | > | | > | > from
> | > | > | | > | > | > this
> | > | > | | > | > | > | > CA,
> | > | > | | > | > | > | > | or an error occurred while accessing the
> Active
> | > | > | Directory."
> | > | > | | > I
> | > | > | | > | > went
> | > | > | | > | > | > and
> | > | > | | > | > | > | > | search for a solution and found this microsoft
> | > article
> | > | > | | > | > | > | > |
> | > | > | | >
> http://support.microsoft.com/default.aspx?scid=kb;en-us;811418
> | > | > | | > | > that
> | > | > | | > | > | > | > didn't
> | > | > | | > | > | > | > | help because the name of the server is the
> same
> in
> | > the
> | > | > | | > | > certdat.inc
> | > | > | | > | > | > and
> | > | > | | > | > | > | > in
> | > | > | | > | > | > | > | the AD!!! :(
> | > | > | | > | > | > | > |
> | > | > | | > | > | > | > | When I go to the certification authority
> and
> | > click
> | > | > on
> | > | > | | > | > "manage"
> | > | > | | > | > | > on
> | > | > | | > | > | > | > the
> | > | > | | > | > | > | > | certificate templates, windows says that it
> | > detected
> | > | > that
> | > | > | | > new
> | > | > | | > | > | > | > certificate
> | > | > | | > | > | > | > | templates should be installed, and ask if I
> want
> | > to
> | > | > | install
> | > | > | | > them
> | > | > | | > | > | > now,
> | > | > | | > | > | > | > and
> | > | > | | > | > | > | > I
> | > | > | | > | > | > | > | say "Yes", and gives an error saying "Windows
> | > could
> | > | > not
> | > | > | | > install
> | > | > | | > | > the
> | > | > | | > | > | > new
> | > | > | | > | > | > | > | certificate templates. Access is denied" :( I
> | > doing
> | > | > this
> | > | > | as
> | > | > | | > | > | > enterprise
> | > | > | | > | > | > | > admin
> | > | > | | > | > | > | > | and it says access denied!!!!! :( :(
> | > | > | | > | > | > | > |
> | > | > | | > | > | > | > | I've tryed to reinstall the CA and the
> errors
> | > are
> | > | > | still
> | > | > | | > the
> | > | > | | > | > | > same!
> | > | > | | > | > | > | > |
> | > | > | | > | > | > | > | Can anyone help me with this issue,
> please?
> | > | > | | > | > | > | > |
> | > | > | | > | > | > | > | Thanks in advance for any help you can
> give
> | > me....
> | > | > | | > | > | > | > |
> | > | > | | > | > | > | > |
> | > | > | | > | > | > | > |
> | > | > | | > | > | > | >
> | > | > | | > | > | > |
> | > | > | | > | > | > |
> | > | > | | > | > | > |
> | > | > | | > | > | > |
> | > | > | | > | > | > |
> | > | > | | > | > | > |
> | > | > | | > | > | >
> | > | > | | > | > |
> | > | > | | > | > |
> | > | > | | > | > |
> | > | > | | > | >
> | > | > | | > |
> | > | > | | > |
> | > | > | | > |
> | > | > | | >
> | > | > | |
> | > | > | |
> | > | > | |
> | > | > |
> | > | > |
> | > | >
> | > |
> | > |
> | > |
> | >
> |
> |
> |
>


From: "Charles Yang [MSFT]" on
HI PG,

I am glad to hear that you have resolved the issue finally. Thanks a lot
for your effort on this issue. Please feel free to use the SBS newsgroup;
you may have more good sharing here.

We are glad to be any further assistance.

Have a nice day!



Best regards,

Charles Yang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "PG" <*@*.*>
| References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
<tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
<OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
<biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
<#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
<MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
<u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
<AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
<#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
<34gfuxBwFHA.2960(a)TK2MSFTNGXA01.phx.gbl>
<Hlv7FVCwFHA.580(a)TK2MSFTNGXA01.phx.gbl>
<Oi6nhtCwFHA.552(a)TK2MSFTNGP12.phx.gbl>
<hCBwZJjwFHA.3244(a)TK2MSFTNGXA01.phx.gbl>
<uTRYvizwFHA.2076(a)TK2MSFTNGP14.phx.gbl>
<hNvuk0zwFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| Date: Mon, 3 Oct 2005 13:25:35 +0100
| Lines: 1755
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Message-ID: <OWoBWXByFHA.2312(a)TK2MSFTNGP14.phx.gbl>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: 62.48.233.71
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:158210
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Charles,
|
| Just wanted to say that I finally fixed the problem thanks to your
help.
| I reinstalled the CA with the indications you gave bellow:
|
| "3. If the issue still exists, please follow the steps to reinstall the CA
| server:
|
| A. Opened regedit and went to HKLM\system\CCS\services and deleted the
| certsrv key
| B. Opened the file system and deleted c:\winnt\system32\certserv folder
and
| contents
| C. Opened up AD sites and services and deleted and in services\public key
| services
|
| Please deleted all the contents of the containers leaving the empty
| containers with the exception of the templates container. Note, please
| perform a backup for registry."
|
| And all the templates have the correct permissions now, the error
messages
| no longer show, and I can now request certificates from this CA without
any
| problem.
|
| Thanks for all your help...
|
|
|
|
|
| ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com> wrote in message
| news:hNvuk0zwFHA.580(a)TK2MSFTNGXA01.phx.gbl...
| > HI PG,
| >
| > It should be a so wired issue, if the issue is urgent it is your best
| > interest to call CSS for supporter. I have also made research on this
| > issue
| > and also get some steps which might be helpful to you:
| >
| > 1. Make the certutil command that is part of Windows Server 2003 server
| > available to your client computer.
| > 2. Make sure that you are able to reach an enterprise CA. Calling
certutil
| > -dump shows all Enterprise CAs in your forest. You can also try to ping
a
| > specific CA with certutil -config [Machine\CAName] -ping
| > Replace [Machine\CAName] with the "Config:" row from the certutil -dump
| > output.
| > 3. To verify template permissions, run the following command at your
| > client: certutil -config [Machine\CAName] -catemplates
| > The command-output shows a list of certificate templates that are
attached
| > to a specific CA. Make sure that you have at least for one certificate
| > permissions.
| > 4. Make sure that at least one of the certificate templates where you
have
| > enrollment permissions has set the option "Supply in the request" in the
| > certificates template Subject Name tab. If you have permissions on a
| > certificate but the Subject name is not built from Active Directory,
your
| > certificate request will fail.
| > 5. Your client might not be able to verify the CA certificates
validity.
| > To
| > check the CA certificate you must make the CA certificate available to
| > your
| > client computer. Perform the following command at your client:
| > certutil -verify -URLfetch [CAcertificate]
| >
| > Replace CAcertificate with the filename of the CA certificate. Make sure
| > that the CA certificate is verified successfully.
| >
| > Then try to repeat your steps to see if the issue can be clear, in
| > addition
| > please also make sure that your Enterprise AD did not belong to domain
| > guest member group.
| >
| > Hope the above information helpful. I am sorry for any inconvenience on
| > this issue.
| >
| >
| >
| > Best regards,
| >
| > Charles Yang (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
| > the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from your issue.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| > --------------------
| > | From: "PG" <*@*.*>
| > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
| > <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
| > <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
| > <AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
| > <#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
| > <34gfuxBwFHA.2960(a)TK2MSFTNGXA01.phx.gbl>
| > <Hlv7FVCwFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > <Oi6nhtCwFHA.552(a)TK2MSFTNGP12.phx.gbl>
| > <hCBwZJjwFHA.3244(a)TK2MSFTNGXA01.phx.gbl>
| > | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| > | Date: Tue, 27 Sep 2005 08:52:36 +0100
| > | Lines: 1415
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | Message-ID: <uTRYvizwFHA.2076(a)TK2MSFTNGP14.phx.gbl>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: 62.48.233.71
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:156751
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hi Charles,
| > |
| > | Yes all the grey templates have permission issues. I cant add, or
change
| > the
| > | permissions for those templates.
| > |
| > | And all my efforts where made has enterprise admin, to try and clear
the
| > | "access denied" problem... :(
| > |
| > | I really don't understand what went wrong with this Certification
| > Authority.
| > |
| > | :(
| > |
| > | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com> wrote in
message
| > | news:hCBwZJjwFHA.3244(a)TK2MSFTNGXA01.phx.gbl...
| > | > HI PG,
| > | >
| > | > From your description, it seems a lot of template has the permission
| > | > issue?
| > | > Can I assume that all the permission of this grey template
encountered
| > the
| > | > same issue when you try to change the permission and the permission
| > the
| > | > security section is not correct as I referred to?
| > | >
| > | > If so, I suggest you make sure that you logon the SBS server with
| > | > Enterprise Admin, it seems to be the permission issue, if possible
| > please
| > | > make sure that you logon via Built-in Enterprise Admin to see if the
| > | > problem can be cleared,
| > | >
| > | > Thanks for your effort.
| > | >
| > | >
| > | >
| > | > Best regards,
| > | >
| > | > Charles Yang (MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > ======================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
| > issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
| > check
| > | > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although
| > we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > | > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | > ======================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | >
| > | >
| > | > =====================================================
| > | > When responding to posts, please "Reply to Group" via your
newsreader
| > so
| > | > that others may learn and benefit from your issue.
| > | > =====================================================
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | >
| > | > --------------------
| > | > | From: "PG" <*@*.*>
| > | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > | > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > | > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
| > | > <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
| > | > <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > | > <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
| > | > <AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
| > | > <#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
| > | > <34gfuxBwFHA.2960(a)TK2MSFTNGXA01.phx.gbl>
| > | > <Hlv7FVCwFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > | > | Subject: Re: SBS2003Premium Certification Authority from HELL!!!
| > | > | Date: Fri, 23 Sep 2005 11:39:53 +0100
| > | > | Lines: 1168
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | > | X-RFC2646: Format=Flowed; Original
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | > | Message-ID: <Oi6nhtCwFHA.552(a)TK2MSFTNGP12.phx.gbl>
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | NNTP-Posting-Host: 62.48.233.71
| > | > | Path:
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.server.sbs:155851
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | Hi Charles,
| > | > |
| > | > | I went to DCOMCNFG and on the Launch permission it was empty, and
I
| > | > added
| > | > | Everyone with (Launch permission---Allow)
| > | > | and in the Access permission it is everyone (Access
| > permission---Allow),
| > | > so
| > | > | I didn't have to change it.
| > | > | Could not find anything that refered to (Local Activation Remote
| > | > Activation)
| > | > | or (Local Access Remote Access) as you sayd. Only (Launch
| > Permission)
| > | > and
| > | > | (Access Permission).
| > | > |
| > | > | After applying the changes to DCOM I tryed to request a
certificate,
| > and
| > | > the
| > | > | same error ocurred. Duplicated a Template and still the same
error.
| > :(
| > | > | "No certificate templates could be found. You do not have
permission
| > to
| > | > | request a certificate from this CA,or an error occurred while
| > accessing
| > | > the
| > | > | Active Directory."
| > | > |
| > | > | In response to your question, all the certificates templates,
from
| > the
| > | > | pictures I sent you, that are greyd out have permissions issues,
and
| > | > don't
| > | > | let me add or change permissions for those certificates.
| > | > |
| > | > | :(
| > | > |
| > | > |
| > | > | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com> wrote in
| > message
| > | > | news:Hlv7FVCwFHA.580(a)TK2MSFTNGXA01.phx.gbl...
| > | > | > HI PG,
| > | > | >
| > | > | > Thanks for updates.
| > | > | >
| > | > | > After making research, I find solutions for you, please refer
to
| > the
| > | > steps
| > | > | > below:
| > | > | >
| > | > | > 1 Open DCOMCNFG
| > | > | > 2- Select Componect Services
| > | > | > ---Computers
| > | > | > ----My Computer
| > | > | > ------Dcom Config
| > | > | > ---- CertSrv Request
| > | > | > 3- Open properties and verify Security permission for Launch and
| > | > | > Activation
| > | > | > Permissions (Should be Customize --Everyone ---Local Activation
| > Remote
| > | > | > Activation)
| > | > | >
| > | > | > Access Permissions (Should be Customize -Everyone ---Local
Access
| > | > Remote
| > | > | > Access)
| > | > | >
| > | > | > If the issue still exists, please recreate a certificate
template
| > to
| > | > see
| > | > | > if
| > | > | > the issue can be resolved. You can try to request a certificate
| > via
| > a
| > | > new
| > | > | > template. From your screenshot we found only one of the
template
| > you
| > | > | > encountered permission issue, can we assume it is the
certificate
| > | > template
| > | > | > you use for the certificate?
| > | > | >
| > | > | > Thanks for understanding on this issue, please feel free to post
| > back.
| > | > | >
| > | > | >
| > | > | >
| > | > | > Best regards,
| > | > | >
| > | > | > Charles Yang (MSFT)
| > | > | >
| > | > | > Microsoft CSS Online Newsgroup Support
| > | > | >
| > | > | > Get Secure! - www.microsoft.com/security
| > | > | >
| > | > | > ======================================================
| > | > | > This newsgroup only focuses on SBS technical issues. If you have
| > | > issues
| > | > | > regarding other Microsoft products, you'd better post in the
| > | > corresponding
| > | > | > newsgroups so that they can be resolved in an efficient and
timely
| > | > manner.
| > | > | > You can locate the newsgroup here:
| > | > | >
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | >
| > | > | > When opening a new thread via the web interface, we recommend
you
| > | > check
| > | > | > the
| > | > | > "Notify me of replies" box to receive e-mail notifications when
| > there
| > | > are
| > | > | > any updates in your thread. When responding to posts via your
| > | > newsreader,
| > | > | > please "Reply to Group" so that others may learn and benefit
from
| > your
| > | > | > issue.
| > | > | >
| > | > | > Microsoft engineers can only focus on one issue per thread.
| > Although
| > | > we
| > | > | > provide other information for your reference, we recommend you
| > post
| > | > | > different incidents in different threads to keep the thread
clean.
| > In
| > | > | > doing
| > | > | > so, it will ensure your issues are resolved in a timely manner.
| > | > | >
| > | > | > For urgent issues, you may want to contact Microsoft CSS
directly.
| > | > Please
| > | > | > check http://support.microsoft.com for regional support phone
| > numbers.
| > | > | >
| > | > | > Any input or comments in this thread are highly appreciated.
| > | > | > ======================================================
| > | > | > This posting is provided "AS IS" with no warranties, and
confers
| > no
| > | > | > rights.
| > | > | >
| > | > | >
| > | > | > =====================================================
| > | > | > When responding to posts, please "Reply to Group" via your
| > newsreader
| > | > so
| > | > | > that others may learn and benefit from your issue.
| > | > | > =====================================================
| > | > | >
| > | > | > This posting is provided "AS IS" with no warranties, and
confers
| > no
| > | > | > rights.
| > | > | >
| > | > | > --------------------
| > | > | > | X-Tomcat-ID: 138385008
| > | > | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > | > | > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
| > | > | > <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
| > | > | > <AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > <#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
| > | > | > | MIME-Version: 1.0
| > | > | > | Content-Type: text/plain
| > | > | > | Content-Transfer-Encoding: 7bit
| > | > | > | From: v-chayan(a)online.microsoft.com ("Charles Yang [MSFT]")
| > | > | > | Organization: Microsoft
| > | > | > | Date: Fri, 23 Sep 2005 08:54:33 GMT
| > | > | > | Subject: Re: SBS2003Premium Certification Authority from
HELL!!!
| > | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | > | Message-ID: <34gfuxBwFHA.2960(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | > | Lines: 797
| > | > | > | Path: TK2MSFTNGXA01.phx.gbl
| > | > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > microsoft.public.windows.server.sbs:155820
| > | > | > | NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
| > | > | > |
| > | > | > | HI PG,
| > | > | > |
| > | > | > | Currently, I am performing research on this issue, I will
return
| > to
| > | > you
| > | > | > as
| > | > | > | soon as possible, please understand that it might be some
delay
| > due
| > | > to
| > | > | > the
| > | > | > | weekend.
| > | > | > |
| > | > | > | Thanks for your understanding.
| > | > | > |
| > | > | > |
| > | > | > | Best regards,
| > | > | > |
| > | > | > | Charles Yang (MSFT)
| > | > | > |
| > | > | > | Microsoft CSS Online Newsgroup Support
| > | > | > |
| > | > | > | Get Secure! - www.microsoft.com/security
| > | > | > |
| > | > | > | ======================================================
| > | > | > | This newsgroup only focuses on SBS technical issues. If you
have
| > | > issues
| > | > | > | regarding other Microsoft products, you'd better post in the
| > | > | > corresponding
| > | > | > | newsgroups so that they can be resolved in an efficient and
| > timely
| > | > | > manner.
| > | > | > | You can locate the newsgroup here:
| > | > | > |
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | > |
| > | > | > | When opening a new thread via the web interface, we recommend
| > you
| > | > check
| > | > | > the
| > | > | > | "Notify me of replies" box to receive e-mail notifications
when
| > | > there
| > | > | > are
| > | > | > | any updates in your thread. When responding to posts via your
| > | > | > newsreader,
| > | > | > | please "Reply to Group" so that others may learn and benefit
| > from
| > | > your
| > | > | > | issue.
| > | > | > |
| > | > | > | Microsoft engineers can only focus on one issue per thread.
| > Although
| > | > we
| > | > | > | provide other information for your reference, we recommend you
| > post
| > | > | > | different incidents in different threads to keep the thread
| > clean.
| > | > In
| > | > | > doing
| > | > | > | so, it will ensure your issues are resolved in a timely
manner.
| > | > | > |
| > | > | > | For urgent issues, you may want to contact Microsoft CSS
| > directly.
| > | > | > Please
| > | > | > | check http://support.microsoft.com for regional support phone
| > | > numbers.
| > | > | > |
| > | > | > | Any input or comments in this thread are highly appreciated.
| > | > | > | ======================================================
| > | > | > | This posting is provided "AS IS" with no warranties, and
confers
| > no
| > | > | > rights.
| > | > | > |
| > | > | > |
| > | > | > | =====================================================
| > | > | > | When responding to posts, please "Reply to Group" via your
| > | > newsreader
| > | > so
| > | > | > | that others may learn and benefit from your issue.
| > | > | > | =====================================================
| > | > | > |
| > | > | > | This posting is provided "AS IS" with no warranties, and
confers
| > no
| > | > | > rights.
| > | > | > |
| > | > | > | --------------------
| > | > | > | | From: "PG" <*@*.*>
| > | > | > | | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > | > | <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > | <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > | > | > | <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > | <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
| > | > | > | <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > | <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
| > | > | > | <AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > | | Subject: Re: SBS2003Premium Certification Authority from
| > HELL!!!
| > | > | > | | Date: Thu, 22 Sep 2005 11:32:11 +0100
| > | > | > | | Lines: 785
| > | > | > | | X-Priority: 3
| > | > | > | | X-MSMail-Priority: Normal
| > | > | > | | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | > | > | | X-RFC2646: Format=Flowed; Original
| > | > | > | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | > | > | | Message-ID: <#yfejE2vFHA.708(a)TK2MSFTNGP10.phx.gbl>
| > | > | > | | Newsgroups: microsoft.public.windows.server.sbs
| > | > | > | | NNTP-Posting-Host: 62.48.233.71
| > | > | > | | Path:
| > | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
| > | > | > | | Xref: TK2MSFTNGXA01.phx.gbl
| > | > microsoft.public.windows.server.sbs:155518
| > | > | > | | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | > | |
| > | > | > | | Hi Charles,
| > | > | > | |
| > | > | > | | 1. I sent all the logs you requested to your e-mail.
| > | > | > | |
| > | > | > | | 2. Done that also.
| > | > | > | |
| > | > | > | | 3. No changes done...that I can remember
| > | > | > | |
| > | > | > | | Thanks
| > | > | > | |
| > | > | > | | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com>
wrote
| > in
| > | > | > message
| > | > | > | | news:AtVfNj1vFHA.780(a)TK2MSFTNGXA01.phx.gbl...
| > | > | > | | > Hi PG,
| > | > | > | | >
| > | > | > | | > After checking your screen shot, we decide to collect more
| > | > | > information,
| > | > | > | as
| > | > | > | | > this issue should relate to AD setting:
| > | > | > | | >
| > | > | > | | > 1. Please send me all the event log except the
application
| > and
| > | > | > system
| > | > | > | | > event
| > | > | > | | > log that you have already sent to me.
| > | > | > | | > 2. please also run netdiag -v and dcdiag -v on the SBS
| > server
| > | > and
| > | > | > send
| > | > | > | the
| > | > | > | | > results to me also.
| > | > | > | | > 3. If possible, could you tell us if have changed any
| > setting
| > on
| > | > AD
| > | > | > or
| > | > | > | on
| > | > | > | | > SBS server. As the screen shot point that you have some
| > problem
| > | > in
| > | > | > query
| > | > | > | | > user objects on DC.
| > | > | > | | >
| > | > | > | | > I appreciate your effort on this issue.
| > | > | > | | >
| > | > | > | | >
| > | > | > | | >
| > | > | > | | > Best regards,
| > | > | > | | >
| > | > | > | | > Charles Yang (MSFT)
| > | > | > | | >
| > | > | > | | > Microsoft CSS Online Newsgroup Support
| > | > | > | | >
| > | > | > | | > Get Secure! - www.microsoft.com/security
| > | > | > | | >
| > | > | > | | > ======================================================
| > | > | > | | > This newsgroup only focuses on SBS technical issues. If
you
| > have
| > | > | > issues
| > | > | > | | > regarding other Microsoft products, you'd better post in
the
| > | > | > | corresponding
| > | > | > | | > newsgroups so that they can be resolved in an efficient
and
| > | > timely
| > | > | > | manner.
| > | > | > | | > You can locate the newsgroup here:
| > | > | > | | >
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | > | | >
| > | > | > | | > When opening a new thread via the web interface, we
| > recommend
| > | > you
| > | > | > check
| > | > | > | | > the
| > | > | > | | > "Notify me of replies" box to receive e-mail notifications
| > when
| > | > | > there
| > | > | > | are
| > | > | > | | > any updates in your thread. When responding to posts via
| > your
| > | > | > | newsreader,
| > | > | > | | > please "Reply to Group" so that others may learn and
benefit
| > | > from
| > | > | > your
| > | > | > | | > issue.
| > | > | > | | >
| > | > | > | | > Microsoft engineers can only focus on one issue per
thread.
| > | > Although
| > | > | > we
| > | > | > | | > provide other information for your reference, we
recommend
| > you
| > | > post
| > | > | > | | > different incidents in different threads to keep the
thread
| > | > clean.
| > | > | > In
| > | > | > | | > doing
| > | > | > | | > so, it will ensure your issues are resolved in a timely
| > manner.
| > | > | > | | >
| > | > | > | | > For urgent issues, you may want to contact Microsoft CSS
| > | > directly.
| > | > | > | Please
| > | > | > | | > check http://support.microsoft.com for regional support
| > phone
| > | > | > numbers.
| > | > | > | | >
| > | > | > | | > Any input or comments in this thread are highly
appreciated.
| > | > | > | | > ======================================================
| > | > | > | | > This posting is provided "AS IS" with no warranties, and
| > confers
| > | > no
| > | > | > | | > rights.
| > | > | > | | >
| > | > | > | | >
| > | > | > | | > =====================================================
| > | > | > | | > When responding to posts, please "Reply to Group" via your
| > | > | > newsreader
| > | > | > so
| > | > | > | | > that others may learn and benefit from your issue.
| > | > | > | | > =====================================================
| > | > | > | | >
| > | > | > | | > This posting is provided "AS IS" with no warranties, and
| > confers
| > | > no
| > | > | > | | > rights.
| > | > | > | | >
| > | > | > | | > --------------------
| > | > | > | | > | From: "PG" <*@*.*>
| > | > | > | | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > | > | | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > | | > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > | > | > | | > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > | | > <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
| > | > | > | | > <MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > | | > | Subject: Re: SBS2003Premium Certification Authority from
| > | > HELL!!!
| > | > | > | | > | Date: Thu, 22 Sep 2005 09:31:33 +0100
| > | > | > | | > | Lines: 597
| > | > | > | | > | X-Priority: 3
| > | > | > | | > | X-MSMail-Priority: Normal
| > | > | > | | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | > | > | | > | X-RFC2646: Format=Flowed; Original
| > | > | > | | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | > | > | | > | Message-ID: <u6mrIB1vFHA.4032(a)TK2MSFTNGP15.phx.gbl>
| > | > | > | | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | > | | > | NNTP-Posting-Host: 62.48.233.71
| > | > | > | | > | Path:
| > | > | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| > | > | > | | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > | > microsoft.public.windows.server.sbs:155493
| > | > | > | | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | > | | > |
| > | > | > | | > | Hi Charles,
| > | > | > | | > |
| > | > | > | | > | I started to go through the points you reffered
bellow
| > and
| > | > on
| > | > | > the
| > | > | > | | > second
| > | > | > | | > | point(Permissions settings) everything checked out ok
| > except
| > | > for
| > | > | > the
| > | > | > | | > | certificates templates permissions again, I'm unable to
| > change
| > | > | > | | > permissions
| > | > | > | | > | on some certificates, but others are ok! I'm sending you
| > some
| > | > | > | compressed
| > | > | > | | > | pictures to your e-mail so you can try and see if this
is
| > | > normal,
| > | > | > or
| > | > | > | | > not.
| > | > | > | | > | I didn't want to continue following your
| > suggestions(to
| > | > | > reinstall
| > | > | > | | > the
| > | > | > | | > | CA) before you had a look at the pictures I sent you.
| > | > | > | | > |
| > | > | > | | > | Thanks
| > | > | > | | > | PG
| > | > | > | | > |
| > | > | > | | > | ""Charles Yang [MSFT]"" <v-chayan(a)online.microsoft.com>
| > wrote
| > | > in
| > | > | > | message
| > | > | > | | > | news:MQvDERxvFHA.580(a)TK2MSFTNGXA01.phx.gbl...
| > | > | > | | > | > Hi,
| > | > | > | | > | >
| > | > | > | | > | > Thanks for updates.
| > | > | > | | > | >
| > | > | > | | > | > After carefully checking your log, we did not find any
| > | > relate
| > | > | > | | > information,
| > | > | > | | > | > please note that it might take some time to do the
task.
| > | > | > | | > | >
| > | > | > | | > | > For this issue, I have some suggestion below:
| > | > | > | | > | >
| > | > | > | | > | > Can I assume that you want to set up the SBS 2003
| > premium
| > as
| > | > a
| > | > | > CA
| > | > | > | | > server,
| > | > | > | | > | > so that when user logon to website, they require the
| > | > | > certificate,
| > | > | > | | > which
| > | > | > | | > | > purpose you want to use for this certificate for VPN
| > issue
| > | > or
| > | > | > for
| > | > | > a
| > | > | > | | > | > website? From your log, it seems to be used for IPSec
| > VPN.
| > | > | > | | > | >
| > | > | > | | > | > 1. Please change the website you use for web
| > enrollment's
| > | > | > | | > authentication
| > | > | > | | > | > method from anonymous to Windows Authentication.
| > | > | > | | > | > 2. Please refer to the KB article below to check the
| > | > permission
| > | > | > | | > setting
| > | > | > | | > | > for
| > | > | > | | > | > CA, make sure that you have go through the article to
| > double
| > | > | > check
| > | > | > | it:
| > | > | > | | > | >
| > | > | > | | > | > Q239706 Default Permission Settings for Enterprise
| > | > Certificate
| > | > | > | | > Authority
| > | > | > | | > | >
http://support.microsoft.com/default.aspx?scid=kb;EN-US
| > | > | > | | > | >
| > | > | > | | > | > 3. If the issue still exists, please follow the steps
to
| > | > | > reinstall
| > | > | > | the
| > | > | > | | > CA
| > | > | > | | > | > server:
| > | > | > | | > | >
| > | > | > | | > | > A. Opened regedit and went to HKLM\system\CCS\services
| > and
| > | > | > | deleted
| > | > | > | | > the
| > | > | > | | > | > certsrv key
| > | > | > | | > | > B. Opened the file system and deleted
| > | > c:\winnt\system32\certserv
| > | > | > | | > folder
| > | > | > | | > | > and
| > | > | > | | > | > contents
| > | > | > | | > | > C. Opened up AD sites and services and deleted and in
| > | > | > | services\public
| > | > | > | | > key
| > | > | > | | > | > services
| > | > | > | | > | >
| > | > | > | | > | > Please deleted all the contents of the containers
| > leaving
| > | > the
| > | > | > empty
| > | > | > | | > | > containers with the exception of the templates
| > container.
| > | > Note,
| > | > | > | please
| > | > | > | | > | > perform a backup for registry.
| > | > | > | | > | >
| > | > | > | | > | > If the issue still exist, you have to refer to the KB
| > | > article
| > | > | > below
| > | > | > | to
| > | > | > | | > | > change the log level of certificate then reproduce the
| > issue
| > | > | > check
| > | > | > | the
| > | > | > | | > | > event log again.
| > | > | > | | > | >
| > | > | > | | > | > 305018 How to Change the Event Logging Level for
| > Certificate
| > | > | > | Services
| > | > | > | | > | > http://support.microsoft.com/?id=305018
| > | > | > | | > | >
| > | > | > | | > | > Thanks for your efforts. I will be here waiting for
| > updates.
| > | > | > | | > | >
| > | > | > | | > | >
| > | > | > | | > | >
| > | > | > | | > | > Best regards,
| > | > | > | | > | >
| > | > | > | | > | > Charles Yang (MSFT)
| > | > | > | | > | >
| > | > | > | | > | > Microsoft CSS Online Newsgroup Support
| > | > | > | | > | >
| > | > | > | | > | > Get Secure! - www.microsoft.com/security
| > | > | > | | > | >
| > | > | > | | > | > ======================================================
| > | > | > | | > | > This newsgroup only focuses on SBS technical issues.
If
| > you
| > | > have
| > | > | > | | > issues
| > | > | > | | > | > regarding other Microsoft products, you'd better post
in
| > the
| > | > | > | | > corresponding
| > | > | > | | > | > newsgroups so that they can be resolved in an
efficient
| > and
| > | > | > timely
| > | > | > | | > manner.
| > | > | > | | > | > You can locate the newsgroup here:
| > | > | > | | > | >
| > | > | >
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | > | | > | >
| > | > | > | | > | > When opening a new thread via the web interface, we
| > | > recommend
| > | > | > you
| > | > | > | | > check
| > | > | > | | > | > the
| > | > | > | | > | > "Notify me of replies" box to receive e-mail
| > notifications
| > | > when
| > | > | > | there
| > | > | > | | > are
| > | > | > | | > | > any updates in your thread. When responding to posts
via
| > | > your
| > | > | > | | > newsreader,
| > | > | > | | > | > please "Reply to Group" so that others may learn and
| > benefit
| > | > | > from
| > | > | > | your
| > | > | > | | > | > issue.
| > | > | > | | > | >
| > | > | > | | > | > Microsoft engineers can only focus on one issue per
| > thread.
| > | > | > | Although
| > | > | > | | > we
| > | > | > | | > | > provide other information for your reference, we
| > recommend
| > | > you
| > | > | > post
| > | > | > | | > | > different incidents in different threads to keep the
| > thread
| > | > | > clean.
| > | > | > | In
| > | > | > | | > | > doing
| > | > | > | | > | > so, it will ensure your issues are resolved in a
timely
| > | > manner.
| > | > | > | | > | >
| > | > | > | | > | > For urgent issues, you may want to contact Microsoft
CSS
| > | > | > directly.
| > | > | > | | > Please
| > | > | > | | > | > check http://support.microsoft.com for regional
support
| > | > phone
| > | > | > | numbers.
| > | > | > | | > | >
| > | > | > | | > | > Any input or comments in this thread are highly
| > appreciated.
| > | > | > | | > | > ======================================================
| > | > | > | | > | > This posting is provided "AS IS" with no warranties,
and
| > | > confers
| > | > | > no
| > | > | > | | > | > rights.
| > | > | > | | > | >
| > | > | > | | > | >
| > | > | > | | > | > =====================================================
| > | > | > | | > | > When responding to posts, please "Reply to Group" via
| > your
| > | > | > | newsreader
| > | > | > | | > so
| > | > | > | | > | > that others may learn and benefit from your issue.
| > | > | > | | > | > =====================================================
| > | > | > | | > | >
| > | > | > | | > | > This posting is provided "AS IS" with no warranties,
and
| > | > confers
| > | > | > no
| > | > | > | | > | > rights.
| > | > | > | | > | >
| > | > | > | | > | > --------------------
| > | > | > | | > | > | From: "PG" <*@*.*>
| > | > | > | | > | > | References: <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > | > | | > | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > | | > | > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > | > | > | | > | > <biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > | | > | > | Subject: Re: SBS2003Premium Certification Authority
| > from
| > | > | > HELL!!!
| > | > | > | | > | > | Date: Wed, 21 Sep 2005 11:33:30 +0100
| > | > | > | | > | > | Lines: 401
| > | > | > | | > | > | X-Priority: 3
| > | > | > | | > | > | X-MSMail-Priority: Normal
| > | > | > | | > | > | X-Newsreader: Microsoft Outlook Express
6.00.3790.1830
| > | > | > | | > | > | X-RFC2646: Format=Flowed; Original
| > | > | > | | > | > | X-MimeOLE: Produced By Microsoft MimeOLE
| > V6.00.3790.1830
| > | > | > | | > | > | Message-ID: <#iTzmgpvFHA.3252(a)TK2MSFTNGP10.phx.gbl>
| > | > | > | | > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | > | | > | > | NNTP-Posting-Host: 62.48.233.71
| > | > | > | | > | > | Path:
| > | > | > | | >
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
| > | > | > | | > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > | > | | > microsoft.public.windows.server.sbs:155186
| > | > | > | | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | > | | > | > |
| > | > | > | | > | > | I've sent you the log's as you requested Charles...
| > | > | > | | > | > |
| > | > | > | | > | > | Thanks for the help
| > | > | > | | > | > |
| > | > | > | | > | > | ""Charles Yang [MSFT]""
| > <v-chayan(a)online.microsoft.com>
| > | > wrote
| > | > | > in
| > | > | > | | > message
| > | > | > | | > | > | news:biaXSFkvFHA.3020(a)TK2MSFTNGXA01.phx.gbl...
| > | > | > | | > | > | > HI PG,
| > | > | > | | > | > | >
| > | > | > | | > | > | > Thanks for updates.
| > | > | > | | > | > | >
| > | > | > | | > | > | > In order to make the issue more clear, could you
| > send
| > me
| > | > the
| > | > | > | | > | > application
| > | > | > | | > | > | > log and system event log so that we can isolate
the
| > | > issue
| > | > | > more
| > | > | > | | > | > clearly,
| > | > | > | | > | > | > you
| > | > | > | | > | > | > can compress the log files and send to my mailbox.
| > | > | > | | > | > | >
| > | > | > | | > | > | > v-chayan(a)microsoft.com
| > | > | > | | > | > | >
| > | > | > | | > | > | > Thanks for your understanding.
| > | > | > | | > | > | >
| > | > | > | | > | > | >
| > | > | > | | > | > | >
| > | > | > | | > | > | > Best regards,
| > | > | > | | > | > | >
| > | > | > | | > | > | > Charles Yang (MSFT)
| > | > | > | | > | > | >
| > | > | > | | > | > | > Microsoft CSS Online Newsgroup Support
| > | > | > | | > | > | >
| > | > | > | | > | > | > Get Secure! - www.microsoft.com/security
| > | > | > | | > | > | >
| > | > | > | | > | > | >
| > ======================================================
| > | > | > | | > | > | > This newsgroup only focuses on SBS technical
issues.
| > If
| > | > you
| > | > | > have
| > | > | > | | > | > issues
| > | > | > | | > | > | > regarding other Microsoft products, you'd better
| > post
| > in
| > | > the
| > | > | > | | > | > corresponding
| > | > | > | | > | > | > newsgroups so that they can be resolved in an
| > efficient
| > | > and
| > | > | > | timely
| > | > | > | | > | > manner.
| > | > | > | | > | > | > You can locate the newsgroup here:
| > | > | > | | > | > | >
| > | > | > |
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | > | | > | > | >
| > | > | > | | > | > | > When opening a new thread via the web interface,
we
| > | > | > recommend
| > | > | > | you
| > | > | > | | > | > check
| > | > | > | | > | > | > the
| > | > | > | | > | > | > "Notify me of replies" box to receive e-mail
| > | > notifications
| > | > | > when
| > | > | > | | > there
| > | > | > | | > | > are
| > | > | > | | > | > | > any updates in your thread. When responding to
posts
| > via
| > | > | > your
| > | > | > | | > | > newsreader,
| > | > | > | | > | > | > please "Reply to Group" so that others may learn
and
| > | > benefit
| > | > | > | from
| > | > | > | | > your
| > | > | > | | > | > | > issue.
| > | > | > | | > | > | >
| > | > | > | | > | > | > Microsoft engineers can only focus on one issue
per
| > | > thread.
| > | > | > | | > Although
| > | > | > | | > | > we
| > | > | > | | > | > | > provide other information for your reference, we
| > | > recommend
| > | > | > you
| > | > | > | | > post
| > | > | > | | > | > | > different incidents in different threads to keep
the
| > | > thread
| > | > | > | clean.
| > | > | > | | > In
| > | > | > | | > | > | > doing
| > | > | > | | > | > | > so, it will ensure your issues are resolved in a
| > timely
| > | > | > manner.
| > | > | > | | > | > | >
| > | > | > | | > | > | > For urgent issues, you may want to contact
Microsoft
| > CSS
| > | > | > | directly.
| > | > | > | | > | > Please
| > | > | > | | > | > | > check http://support.microsoft.com for regional
| > support
| > | > | > phone
| > | > | > | | > numbers.
| > | > | > | | > | > | >
| > | > | > | | > | > | > Any input or comments in this thread are highly
| > | > appreciated.
| > | > | > | | > | > | >
| > ======================================================
| > | > | > | | > | > | > This posting is provided "AS IS" with no
warranties,
| > and
| > | > | > | confers
| > | > | > | | > no
| > | > | > | | > | > | > rights.
| > | > | > | | > | > | >
| > | > | > | | > | > | >
| > | > | > | | > | > | >
| > =====================================================
| > | > | > | | > | > | > When responding to posts, please "Reply to Group"
| > via
| > | > your
| > | > | > | | > newsreader
| > | > | > | | > | > so
| > | > | > | | > | > | > that others may learn and benefit from your issue.
| > | > | > | | > | > | >
| > =====================================================
| > | > | > | | > | > | >
| > | > | > | | > | > | > This posting is provided "AS IS" with no
warranties,
| > and
| > | > | > | confers
| > | > | > | | > no
| > | > | > | | > | > | > rights.
| > | > | > | | > | > | >
| > | > | > | | > | > | > --------------------
| > | > | > | | > | > | > | From: "PG" <*@*.*>
| > | > | > | | > | > | > | References:
| > <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > | > | | > | > | > <tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl>
| > | > | > | | > | > | > | Subject: Re: SBS2003Premium Certification
| > Authority
| > | > from
| > | > | > | HELL!!!
| > | > | > | | > | > | > | Date: Tue, 20 Sep 2005 13:28:25 +0100
| > | > | > | | > | > | > | Lines: 269
| > | > | > | | > | > | > | X-Priority: 3
| > | > | > | | > | > | > | X-MSMail-Priority: Normal
| > | > | > | | > | > | > | X-Newsreader: Microsoft Outlook Express
| > 6.00.3790.1830
| > | > | > | | > | > | > | X-RFC2646: Format=Flowed; Original
| > | > | > | | > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE
| > | > V6.00.3790.1830
| > | > | > | | > | > | > | Message-ID:
| > <OCcZJ8dvFHA.3080(a)tk2msftngp13.phx.gbl>
| > | > | > | | > | > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | > | | > | > | > | NNTP-Posting-Host: 62.48.233.71
| > | > | > | | > | > | > | Path:
| > | > | > | | > | >
| > | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| > | > | > | | > | > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > | > | | > | > microsoft.public.windows.server.sbs:154800
| > | > | > | | > | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | Thanks for your reply Charles
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | Responses to your questions follow, and are in
| > line:
| > | > | > | | > | > | > |
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | ""Charles Yang [MSFT]""
| > | > <v-chayan(a)online.microsoft.com>
| > | > | > wrote
| > | > | > | in
| > | > | > | | > | > message
| > | > | > | | > | > | > | news:tiIB9hYvFHA.768(a)TK2MSFTNGXA01.phx.gbl...
| > | > | > | | > | > | > | > HI PG,
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > Welcome to SBS newsgroup.
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > Issue description:
| > | > | > | | > | > | > | > ================
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > I understand that you encountered some problem
| > when
| > | > | > using
| > | > | > | CA
| > | > | > | | > on
| > | > | > | | > | > SBS
| > | > | > | | > | > | > 2003
| > | > | > | | > | > | > | > premium.
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > Analyzing and suggestions:
| > | > | > | | > | > | > | > ================
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > Generally speaking, the error you encountered
| > can
| > be
| > | > | > caused
| > | > | > | by
| > | > | > | | > | > many
| > | > | > | | > | > | > | > factors, in order to make the issue more
clear,
| > | > please
| > | > | > | refer
| > | > | > | | > to
| > | > | > | | > my
| > | > | > | | > | > | > | > suggestions below to gather more information:
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > 1. If possible, please send me the event log
for
| > | > further
| > | > | > | | > research,
| > | > | > | | > | > it
| > | > | > | | > | > | > | > should include more information which can
help
| > us
| > | > | > determine
| > | > | > | | > which
| > | > | > | | > | > | > kinds
| > | > | > | | > | > | > of
| > | > | > | | > | > | > | > error you encountered, you can send the log
| > files
| > to
| > | > my
| > | > | > | email
| > | > | > | | > box.
| > | > | > | | > | > | > | > v-chayan(a)microsoft.com.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | There is nothing recorded in the logs, when the
| > | > error's
| > | > | > occur.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 2. Does the issue occur from the client's
| > computer
| > | > or
| > | > | > from
| > | > | > | the
| > | > | > | | > | > server
| > | > | > | | > | > | > | > side?
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | Both! It occur's when I request a certificate
from
| > the
| > | > | > client
| > | > | > | | > and
| > | > | > | | > | > from
| > | > | > | | > | > | > the
| > | > | > | | > | > | > | server! :( Via Web request or MMC snap-in
| > | > | > | | > | > | > |
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > Let's first check the following:
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > 1. Go to the CA Server, go to Services.msc
| > console,
| > | > make
| > | > | > | sure
| > | > | > | | > that
| > | > | > | | > | > the
| > | > | > | | > | > | > | > Certificate Service is started.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | Check
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 2. Open Certificate Authority, make sure that
it
| > can
| > | > be
| > | > | > | | > opened.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | Check
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 3. If you are using Enterprise CA, go to the
| > | > Certificate
| > | > | > | | > Template
| > | > | > | | > | > in
| > | > | > | | > | > | > the
| > | > | > | | > | > | > | > Certificate Authority, make sure that
necessary
| > | > | > Certificate
| > | > | > | | > | > Template
| > | > | > | | > | > | > is
| > | > | > | | > | > | > | > added and listed in the right panel.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | Check
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 4. On the CA Server, click Start -> Run, type
| > MMC
| > | > and
| > | > | > click
| > | > | > | | > OK.
| > | > | > | | > | > Click
| > | > | > | | > | > | > File
| > | > | > | | > | > | > | > -> Add/Remove Snap-in, click Add button,
select
| > | > | > Certificate,
| > | > | > | | > click
| > | > | > | | > | > | > Add,
| > | > | > | | > | > | > | > select Computer Account and click next. Select
| > Local
| > | > | > | Computer,
| > | > | > | | > | > click
| > | > | > | | > | > | > | > Finish
| > | > | > | | > | > | > | > and then Close.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | Check
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 5. Expand the Certificate (Local
| > | > | > | | > Computer)\Personal\Certificate,
| > | > | > | | > | > check
| > | > | > | | > | > | > if
| > | > | > | | > | > | > | > the Root certificate exists. It's 'issued by'
| > and
| > | > | > 'issued
| > | > | > | to'
| > | > | > | | > | > should
| > | > | > | | > | > | > be
| > | > | > | | > | > | > | > itself. Then please check if the root
| > certificate
| > is
| > | > | > still
| > | > | > | | > alive.
| > | > | > | | > | > If
| > | > | > | | > | > | > it
| > | > | > | | > | > | > is
| > | > | > | | > | > | > | > expired, right click the Certificate, select
All
| > | > | > Tasks ->
| > | > | > | | > Renew
| > | > | > | | > | > | > | > Certificate
| > | > | > | | > | > | > | > with Same Key. Then renew the user
certificate
| > and
| > | > let
| > | > | > me
| > | > | > | know
| > | > | > | | > how
| > | > | > | | > | > | > | > everything is going.
| > | > | > | | > | > | > | > NOTE: Please check the Certificate Authority
to
| > make
| > | > | > sure
| > | > | > | that
| > | > | > | | > | > these
| > | > | > | | > | > | > | > client
| > | > | > | | > | > | > | > certificate are not revoked before you renew
the
| > | > | > | certificate.
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > If the issue still exists, please check if
the
| > CA
| > | > | > computer
| > | > | > | | > where
| > | > | > | | > | > you
| > | > | > | | > | > | > start
| > | > | > | | > | > | > | > the Certificate Web Enrollment from is set to
| > trust
| > | > for
| > | > | > | | > | > delegation.
| > | > | > | | > | > To
| > | > | > | | > | > | > do
| > | > | > | | > | > | > | > so:
| > | > | > | | > | > | > | > 1. Log on as a domain administrator or
| > equivalent
| > | > | > account.
| > | > | > | | > | > | > | > 2. Click Start, point to Programs, point to
| > | > | > Administrative
| > | > | > | | > Tools,
| > | > | > | | > | > and
| > | > | > | | > | > | > then
| > | > | > | | > | > | > | > click "Active Directory Users and Computers".
| > | > | > | | > | > | > | > 3. In the left pane, locate the container or
| > | > | > organizational
| > | > | > | | > unit
| > | > | > | | > | > (OU)
| > | > | > | | > | > | > on
| > | > | > | | > | > | > | > which you want to enable delegation.
| > | > | > | | > | > | > | > 4. Right-click the computer account name, and
| > then
| > | > click
| > | > | > | | > | > Properties.
| > | > | > | | > | > | > | > 5. On the General tab, click Trust computer
for
| > | > | > delegation.
| > | > | > | | > | > | > | > 6. Click OK.
| > | > | > | | > | > | > | > 7. Quit Active Directory Users and Computers.
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > For more info, please refer to:
| > | > | > | | > | > | > | > 300867 Error Message: The Certification
| > Authority
| > | > | > Service
| > | > | > | Has
| > | > | > | | > Not
| > | > | > | | > | > Been
| > | > | > | | > | > | > | > Started
| > | > | > | | > | > | > | > http://support.microsoft.com/?id=300867
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | The certificate is alive until 16/9/2010! So I
| > didn't
| > | > | > renew
| > | > | > | it.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > This issue may also occur if the Domain Users
| > group
| > | > on
| > | > | > the
| > | > | > | | > child
| > | > | > | | > | > | > domain
| > | > | > | | > | > | > | > does not have the right to enroll a user
| > template.
| > | > To
| > | > | > have a
| > | > | > | | > | > check:
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > 1. Logon to CA Server as Enterprise
| > Administrator
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | check
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 2. Click Start, click Programs, click
| > Administrative
| > | > | > Tools,
| > | > | > | | > and
| > | > | > | | > | > then
| > | > | > | | > | > | > click
| > | > | > | | > | > | > | > the "Active Directory Sites and Services"
| > snap-in.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | check
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 3. In MMC, right-click the "Active Directory
| > Sites
| > | > and
| > | > | > | | > Services"
| > | > | > | | > | > | > snap-in,
| > | > | > | | > | > | > | > click View, and then click "Show Services
Mode".
| > | > This
| > | > | > allows
| > | > | > | | > you
| > | > | > | | > | > to
| > | > | > | | > | > | > view
| > | > | > | | > | > | > | > the Services folder, which is hidden from
view
| > by
| > | > | > default.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | Check
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 4. From the "Active Directory Sites and
| > Services"
| > | > | > snap-in,
| > | > | > | | > click
| > | > | > | | > | > | > Services,
| > | > | > | | > | > | > | > click Public Key Services, and then click
| > | > Certificate
| > | > | > | | > Templates.
| > | > | > | | > | > This
| > | > | > | | > | > | > | > reveals the complete list of published
| > certificate
| > | > | > | templates
| > | > | > | | > in
| > | > | > | | > | > Active
| > | > | > | | > | > | > | > Directory.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | Check
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 5. Double-click the User certificate template
to
| > | > view
| > | > | > the
| > | > | > | | > | > properties.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | Check
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 6. On the Security tab, click Add to add the
| > Domain
| > | > | > Users
| > | > | > | | > group
| > | > | > | | > to
| > | > | > | | > | > the
| > | > | > | | > | > | > | > list.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | The group domain users wasn't there so I added
it
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 7. For the Domain Users group, select the
Read
| > and
| > | > | > Enroll
| > | > | > | | > rights.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | When I tryed to apply the changes it gave the
| > | > following
| > | > | > error:
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | "Unable to save permission changes on
| > | > | > | | > | > | > |
| > | > LDAP://SBS2003PDC.CONTIMETRA.LOCAL/CN=USER,CN=CERTIFICATE
| > | > | > | | > | > | > | TEMPLATES,CN=PUBLIC KEY
| > | > | > | | > | > | > |
| > | > | > SERVICES,CN=SERVICES,CN=CONFIGURATION,DC=CONTIMETRA,DC=LOCAL
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | ACCESS IS DENIED"
| > | > | > | | > | > | > |
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | > 8. Restart the computer.
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | Didn't do it because no changes were made!
| > | > | > | | > | > | > |
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > For more info, please refer to:
| > | > | > | | > | > | > | > 271861 Windows Cannot Find a Certificate
| > Authority
| > | > That
| > | > | > | | > Processes
| > | > | > | | > | > the
| > | > | > | | > | > | > | > Request
| > | > | > | | > | > | > | > http://support.microsoft.com/?id=271861
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > NOTE: Request from MMC only works if it is a
| > | > Enterprise
| > | > | > CA.
| > | > | > | To
| > | > | > | | > | > stand
| > | > | > | | > | > | > alone
| > | > | > | | > | > | > | > CA, you must request certificate by WEB.
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > I appreciate your understanding and please
paste
| > | > your
| > | > | > | results
| > | > | > | | > as
| > | > | > | | > | > your
| > | > | > | | > | > | > | > convenience, It is important for us to
isolate
| > the
| > | > | > issue.
| > | > | > I
| > | > | > | am
| > | > | > | | > | > glad
| > | > | > | | > | > to
| > | > | > | | > | > | > | > help
| > | > | > | | > | > | > | > you.
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > Best regards,
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > Charles Yang (MSFT)
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > Microsoft CSS Online Newsgroup Support
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > Get Secure! - www.microsoft.com/security
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | >
| > | > ======================================================
| > | > | > | | > | > | > | > This newsgroup only focuses on SBS technical
| > issues.
| > | > If
| > | > | > you
| > | > | > | | > have
| > | > | > | | > | > | > issues
| > | > | > | | > | > | > | > regarding other Microsoft products, you'd
better
| > | > post
| > | > in
| > | > | > the
| > | > | > | | > | > | > corresponding
| > | > | > | | > | > | > | > newsgroups so that they can be resolved in an
| > | > efficient
| > | > | > and
| > | > | > | | > timely
| > | > | > | | > | > | > manner.
| > | > | > | | > | > | > | > You can locate the newsgroup here:
| > | > | > | | > | > | > | >
| > | > | > | | >
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > When opening a new thread via the web
interface,
| > we
| > | > | > | recommend
| > | > | > | | > you
| > | > | > | | > | > | > check
| > | > | > | | > | > | > | > the
| > | > | > | | > | > | > | > "Notify me of replies" box to receive e-mail
| > | > | > notifications
| > | > | > | | > when
| > | > | > | | > | > there
| > | > | > | | > | > | > are
| > | > | > | | > | > | > | > any updates in your thread. When responding to
| > posts
| > | > via
| > | > | > | your
| > | > | > | | > | > | > newsreader,
| > | > | > | | > | > | > | > please "Reply to Group" so that others may
learn
| > and
| > | > | > benefit
| > | > | > | | > from
| > | > | > | | > | > your
| > | > | > | | > | > | > | > issue.
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > Microsoft engineers can only focus on one
issue
| > per
| > | > | > thread.
| > | > | > | | > | > Although
| > | > | > | | > | > | > we
| > | > | > | | > | > | > | > provide other information for your reference,
we
| > | > | > recommend
| > | > | > | you
| > | > | > | | > | > post
| > | > | > | | > | > | > | > different incidents in different threads to
keep
| > the
| > | > | > thread
| > | > | > | | > clean.
| > | > | > | | > | > In
| > | > | > | | > | > | > | > doing
| > | > | > | | > | > | > | > so, it will ensure your issues are resolved
in a
| > | > timely
| > | > | > | | > manner.
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > For urgent issues, you may want to contact
| > Microsoft
| > | > CSS
| > | > | > | | > directly.
| > | > | > | | > | > | > Please
| > | > | > | | > | > | > | > check http://support.microsoft.com for
regional
| > | > support
| > | > | > | phone
| > | > | > | | > | > numbers.
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > Any input or comments in this thread are
highly
| > | > | > appreciated.
| > | > | > | | > | > | > | >
| > | > ======================================================
| > | > | > | | > | > | > | > This posting is provided "AS IS" with no
| > warranties,
| > | > and
| > | > | > | | > confers
| > | > | > | | > | > no
| > | > | > | | > | > | > | > rights.
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | >
| > | > =====================================================
| > | > | > | | > | > | > | > When responding to posts, please "Reply to
| > Group"
| > | > via
| > | > | > your
| > | > | > | | > | > newsreader
| > | > | > | | > | > | > so
| > | > | > | | > | > | > | > that others may learn and benefit from your
| > issue.
| > | > | > | | > | > | > | >
| > | > =====================================================
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > This posting is provided "AS IS" with no
| > warranties,
| > | > and
| > | > | > | | > confers
| > | > | > | | > | > no
| > | > | > | | > | > | > | > rights.
| > | > | > | | > | > | > | >
| > | > | > | | > | > | > | > --------------------
| > | > | > | | > | > | > | > | From: "PG" <*@*.*>
| > | > | > | | > | > | > | > | Subject: SBS2003Premium Certification
| > Authority
| > | > from
| > | > | > | HELL!!!
| > | > | > | | > | > | > | > | Date: Fri, 16 Sep 2005 11:35:46 +0100
| > | > | > | | > | > | > | > | Lines: 25
| > | > | > | | > | > | > | > | X-Priority: 3
| > | > | > | | > | > | > | > | X-MSMail-Priority: Normal
| > | > | > | | > | > | > | > | X-Newsreader: Microsoft Outlook Express
| > | > 6.00.3790.1830
| > | > | > | | > | > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE
| > | > | > V6.00.3790.1830
| > | > | > | | > | > | > | > | X-RFC2646: Format=Flowed; Original
| > | > | > | | > | > | > | > | Message-ID:
| > | > <#sK5fqquFHA.3688(a)tk2msftngp13.phx.gbl>
| > | > | > | | > | > | > | > | Newsgroups:
| > microsoft.public.windows.server.sbs
| > | > | > | | > | > | > | > | NNTP-Posting-Host: 62.48.233.71
| > | > | > | | > | > | > | > | Path:
| > | > | > | | > | > | >
| > | >
First  |  Prev  | 
Pages: 1 2 3 4
Prev: Backup error 0X80070458
Next: Remote Web Workplace