Hi Guy’s
We’re currently trying to issue machine certificates to Client PCs for a Single Sign On project that we are looking to implement for our connection to an external agency.
I’ve got an Off-line RootCA set up and on the network I’ve got Enterprise Subordinate CA
I’ve set up group policy as per the URL below but the certificate doesn’t issue.
I’ve had PCs in a test OU with the group policy settings and also tried pushing the policy settings via the default domain policy, GPResult shows the policy is being applied but as I say no Certifcate ever gets issued and I can’t see any errors in the event logs
The CA is working fine for issuing User and Web Server certificates.
I set up a test domain within VMWare to test my CA setup off our domain. The XP client within the test domain picked up the machine certificate without issue.
This then got me to thinking it was a rights issue as our main domain is setup as child domain. I found out whilst setting up the CA’s that I need Enterprise Level Rights for publishing certificates within the Child Domain.
On the Certification Authority properties for the Online CA I added mydomain\Domain Computers to be able to request certificates – but no joy
I’m starting to go around in circles now and would appreciate a fresh perspective on where i may be going astray.
All help is appreciated
Thanks
Bex
We’re currently trying to issue machine certificates to Client PCs for a Single Sign On project that we are looking to implement for our connection to an external agency.
I’ve got an Off-line RootCA set up and on the network I’ve got Enterprise Subordinate CA
I’ve set up group policy as per the URL below but the certificate doesn’t issue.
I’ve had PCs in a test OU with the group policy settings and also tried pushing the policy settings via the default domain policy, GPResult shows the policy is being applied but as I say no Certifcate ever gets issued and I can’t see any errors in the event logs
The CA is working fine for issuing User and Web Server certificates.
I set up a test domain within VMWare to test my CA setup off our domain. The XP client within the test domain picked up the machine certificate without issue.
This then got me to thinking it was a rights issue as our main domain is setup as child domain. I found out whilst setting up the CA’s that I need Enterprise Level Rights for publishing certificates within the Child Domain.
On the Certification Authority properties for the Online CA I added mydomain\Domain Computers to be able to request certificates – but no joy
I’m starting to go around in circles now and would appreciate a fresh perspective on where i may be going astray.
All help is appreciated
Thanks
Bex
