Title: Certificate Authority unable to publish certs in AD

Hi guys

For some weird reason im getting the below errors on the certificate authority. CA is a one level issuing enterprise Ca, running on win2003 Enterprise Edition, with autoenrollment enable for a few usernames. GPO has been enabled for autoenrollment for both user and computer portion. Cert templates has been given the rights and is issuing User Certificate type successfully to the local machines…but NOT publishing it to the usercertificate attribute...

Eventlog 80 on the CA server:
Certificate Services could not publish a Certificate for request 264 to the following location on server SINDC01.intlsos.com: CN=Oliva O.CUNTAPAY,OU=Users,OU=SIN,DC=intlsos,DC=com.  Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344).

ldap: 0x32: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Eventlog on the domain controller:
Event Type:     Failure Audit
Event Source:   Security
Event Category: Directory Service Access
Event ID:       566
        Accesses:       Write Self                     
                Personal Information

        Additional Info:       
        Additional Info2:      
        Access Mask:    0x8

Things ive verified so far:
1)      the CA computer account is listed in Cert Publisher group
2)      Have modified Cert Publisher group to be a domain local group (its an upgrade from 2000 domain)
3)      Verified that Cert Publisher has Read/Write UserCertificate attrb

Any suggestions?

Thank you and have a splendid day!
Kind Regards,
Freddy Hartono
Group Infrastructure Services Engineer
InternationalSOS Pte Ltd
phone: (+65) 6330-9785

Reply via email to