
IIS + CA?




IIS will need to be installed on the CA if you want web enrollment; you cannot host the web enrollment webpage on another IIS box.

You can, but "the computer account must be trusted for delegation in Active Directory" as TechNet says.

We use 3rd party certificate stuff though, never really played much with Windows' own...


When I try to request a certificate through web enrollment, it says the same.

"An unexpected error has occurred: The Certification Authority Service has not been started."

It seems to have broken itself??

Anyway. I got the SSL website to work with user authenticated session certificates. Just the web enrollment broke for some reason.

My CA, IIS, and DC servers all have delegation for all services enabled.

I need the web enrollment as a way to get the root CA distributed down. This is a lab environment so I am trying to do it the "right way".

Edited by lubinski

The CA server:

Here are some recent log entries for the certsvc:

-Could not connect to the Active Directory. Certificate Services will retry when processing requires Active Directory access.

-The "Windows default" Policy Module "Initialize" method returned an error. The specified domain either does not exist or could not be contacted. The returned status code is 0x8007054b (1355). The Active Directory containing the Certification Authority could not be contacted.

userenv service errors:

-Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. x2


I did some research and it may be that it can't contact the domain DNS. So I checked the DC event log and here's what I found:

The DNS server was unable to complete directory service enumeration of zone contoso.local. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

?

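The checks below follow the failure chain in the log entries quoted above (Certificate Services cannot reach Active Directory, and the DC's DNS zone will not load). This is an added example, not part of the original thread. It assumes it is run on the CA server under Windows Server 2012 or later with PowerShell 3 or newer; `contoso.local` is the zone name from the DNS event above.

```powershell
# Added diagnostic example (not from the thread). Run on the CA server.
# Assumption: Windows Server 2012+ / PowerShell 3+ (Resolve-DnsName, [ordered]).
param([string]$Domain = 'contoso.local')   # zone name from the quoted DNS event

$results = [ordered]@{}

# 1. Which DNS servers does the CA query? It should be the AD-integrated DNS
#    on the DC, not an external resolver that knows nothing about the zone.
$results['DnsServers'] = (Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses -Unique) -join ', '

# 2. DC locator SRV records. If the zone failed to load on the DC (the event
#    quoted above), this lookup fails and nothing downstream can find AD.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
    $results['DcSrvRecords'] = ($srv | Where-Object Type -eq 'SRV' |
        ForEach-Object NameTarget) -join ', '
} catch {
    $results['DcSrvRecords'] = "FAILED: $($_.Exception.Message)"
}

# 3. Ask the DC locator directly. Error 1355 here matches the status code
#    0x8007054b logged by the policy module.
$locator = & nltest.exe "/dsgetdc:$Domain" 2>&1
$results['DcLocator'] = if ($LASTEXITCODE -eq 0) { 'OK' } else { "FAILED: $($locator -join ' ')" }

# 4. Machine account secure channel to the domain.
try {
    $results['SecureChannel'] = Test-ComputerSecureChannel -ErrorAction Stop
} catch {
    $results['SecureChannel'] = "FAILED: $($_.Exception.Message)"
}

# 5. Is the Certificate Services service (CertSvc) running at all?
$svc = Get-Service -Name CertSvc -ErrorAction SilentlyContinue
$results['CertSvcStatus'] = if ($svc) { $svc.Status } else { 'Service not found' }

# 6. Does the CA answer on its request interface (what web enrollment calls)?
& certutil.exe -ping | Out-Null
$results['CaRespondsToPing'] = ($LASTEXITCODE -eq 0)

[pscustomobject]$results | Format-List
```

Read the output top to bottom: the first failing check is the one to fix, since each later check depends on the ones before it.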

I have begun to think web enrollment is a POS, either that or IIS, take your pick....

I've had exactly 0 issues with IIS as an app & web server. So I think I know which one I'd blame ;)

We don't use certificate services in the first place, so I can't really say if it sucks.
