PKI - AD CS - 2008 - Test Lab setup having issues:

Giganews Newsgroups
Subject: PKI - AD CS - 2008 - Test Lab setup having issues:
Posted by:  Kristin L. Griffin (Kristin L. Griff…@discussions.microsoft.com)
Date: Thu, 10 Jan 2008

Hi there.
I am new to PKI, and am testing Windows 2008 AD CS in my lab, and have a few
issues. I am hoping you all can help me out.

I have followed the Windows Server 2008 AD CS Step By Step Guide by Roland
Winkler.

My setup is this: LH_DC1 (win2k8 RC0 DC), LH_PKI1 (cert server running
Win2k8 RC0), LH_CLI1 (Vista client), all in the contoso domain.

I installed ADCS, ocsp, NDES, and web enrollment on LH_PKI1 for test purposes.

I am using Virtual PC and 2 physical machines to do this.

Here are my problems:

1. Auto Enrollment is not working for computers, however, I can manually
request a certificate and get one successfully.  I just don't get one
(computer cert or user cert) automatically when I join the domain or log on.
I get no errors in the event logs.  Any tips there?

2.  I set up OCSP per the instructions, but the website does not respond -
get 500 internal server error.  What am I missing here?  I checked the ocsp
dir at: c:\windows\SystemData\ocsp and it is empty.

3.  I log in as PKIUSER1 on the Vista client (user is a local admin and a
domain user) and type certutil -pulse.  I get FAILED, 0x80070005 (win32:5)
Access Denied.  What permissions do I need to run this command and other
certutil commands?  Some work but most are denied to me.

4.  I have web enrollment installed on LH_PKI1 server (my root CA), and set
the website up for https, but when I try to request a certificate, the
response is that no certificates were found, I don't have permission to
request a certificate from this CA or an error occurred while accessing
active directory - AD seems fine....any ideas there?

5.  How can I see the certificates I have issued in AD?

Many thanks,

Kristin

Replies