Re: [ActiveDir] unable to generate ssl cert

[Steve Patrick]

Can you elaborate on the sentence:   " But a few days ago, I had to reinstall my AD & exchange server due to AD crash. After that, I was unable to generate ssl cert."   Was the Certificate Server installed prior or after that event? I assume you installed an Enterprise CA  - please correct me if I am wrong. You should check the permissions on the "web server" template...Do authenticated users have read and enroll?     If you need to troubleshoot it more - I would need to see a few things , one of which is the following:   certutil.exe -view -restrict requestid=XX  > request.txt   Where XX  == the request ID of the failed (due to access denied) request.   -steve   ----- Original Message ----- From: Lara Adianto To: [EMAIL PROTECTED] Sent: Monday, August 23, 2004 3:45 AM Subject: [ActiveDir] unable to generate ssl cert Hello,   I have a problem of generating SSL cert for owa 2003 form based authentication. My environment is as follows: PC A --> acts as DC, domain=example.com PC B --> where ms exchange 2003 and cert authority is installed, configured to be the member of domain=example.com   I have tested OWA without form-based auth and now would like to enable form based authentication. I followed the steps outlined in http://www.msexchange.org/tutorials/Securing-Exchange-Server-2003-Outlook-Web-Access-Chapter5.html, but I was unable to generate the SSL cert with the following error logged in event viewer: "Certificate Services denied request 4 because Access is denied.  0x80070005 (WIN32: 5).  The request was for C=xx, S=xxx, L=xxx, O=xxx, OU=xx, CN=xxx.xx.x.  Additional information: Denied by Policy Module I have googled and followed the instruction from this site: http://support.microsoft.com/default.aspx?scid=kb;en-us;281271 but the problem persists !   The only step I was unsure is from the instruction is: "Set permissions on the applicable certificate templates to allow users in the child domain to enroll. (NOTE: You must be logged onto the root domain with domain administrator rights.). I'm not sure which template's permission that I should modify and anyway, I'm unable to set any modification to the permission (I have permission to view only which is weird because I logged in as administrator !).   This is strange ! I was able to generate cert and have form-based authentication working before. But a few days ago, I had to reinstall my AD & exchange server due to AD crash. After that, I was unable to generate ssl cert. I really have no idea why ssl cert generation which was working before now failed...Any idea guys how to trace the source of problem ?   Thanks ! ------------------------------------------------------------------------------------ La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit - Guy de Maupassant - ------------------------------------------------------------------------------------ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now.