Subject: PKI - AD CS - 2008 - Test Lab setup having issues:
Posted by: Kristin L. Griffin (Kristin L. Griff…@discussions.microsoft.com)
Date: Thu, 10 Jan 2008
I am new to PKI, and am testing Windows 2008 AD CS in my lab, and have a few
issues. I am hoping you all can help me out.
I have followed the Windows Server 2008 AD CS Step By Step Guide by Roland
My setup is this: LH_DC1 (win2k8 RC0 DC), LH_PKI1 (cert server running
Win2k8 RC0), LH_CLI1 (Vista client), all in the contoso domain.
I installed ADCS, OCSP, NDES, and web enrollment on LH_PKI1 for test purposes.
I am using Virtual PC and 2 physical machines to do this.
Here are my problems:
1. Auto Enrollment is not working for computers, however, I can manually
request a certificate and get one successfully. I just don't get one
(computer cert or user cert) automatically when I join the domain or log on.
I get no errors in the event logs. Any tips there?
2. I set up OCSP per the instructions, but the website does not respond -
get 500 internal server error. What am I missing here? I checked the ocsp
dir at: c:\windows\SystemData\ocsp and it is empty.
3. I log in as PKIUSER1 on the Vista client (user is a local admin and a
domain user) and type certutil -pulse. I get FAILED, 0x80070005 (win32:5)
Access Denied. What permissions do I need to run this command and other
certutil commands? Some work but most are denied to me.
4. I have web enrollment installed on LH_PKI1 server (my root CA), and set
the website up for https, but when I try to request a certificate, the
response is that no certificates were found, I don't have permission to
request a certificate from this CA or an error occurred while accessing
Active Directory - AD seems fine... Any ideas there?
5. How can I see the certificates I have issued in AD?