Posted August 14, 200717 yr Hello everybody, I have the following problem on my AD-Domain (3 Domain Controllers with MS-PKI): all the domain controllers have recurrent errors in the Application Event Viewer that say: "Automatic Certificate Enrollment for local system could not find a valid certificate templete to match DomainControlleras specified in the group policy automatic enrollment object. Enrollment will not be performed." The "DomainController" template is the standard template, which I have removed from the "Certificta templates to issue" container. Besides, I have created a new personnalized DomainController template, called MyDomainController, which is accepted by all the CDs, i.e. all the 3 of them have been issued a valid certificate. Nevertheless, all domain controllers still ask for a "DomainController" Certificate, although there is no entry at all in the Default Domain Controller Policy (--> Computer Settings --> Windows Settings --> Security Settings --> Public Key Policies --> Automatic Certificate Request Settings). If I try to reintegrate the "DomainController" template on the CA to -- > Certificate Authority --> My CA --> Certificate Templates: New Cert Template to issue, I get the following error: "The template information on the CA cannot be modified at this time. This is most likely because the CA service is not running or these are replication delays. One or more certificate templates to be enables on this certificate authority could not be found. The changes can be saved to Active Directory and retrieved by the CA next time it is started. Do you want to save the changes to Active Directory?". Clicking "Yes" and restarting the CA does not solve the problem... Did anyone have the same problem? Any ides? Thanks in advance, Grovnasch
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.