2008 R2 Certificate Services   1 comment

I could almost cry over this one – it’s a classic case of trying to be too thorough being my undoing.
I’ve had issues with Server 2003 machines not enrolling correctly against a 2008 R2 enterprise CA, but not matter what error I typed in verbatim into the various seach engines, I couldn’t find much at all, let alone anything useful. Eventually, I plonked “Server 2003” SHA512 error site:microsoft.com into Google and low and behold, the best possible result comes up: a knowledgebase article! (And as a tidbit of interest, I put the same search into Bing, and it returned the result second in the list, compared to Google’s seventh! Way to go, Bing!)
Here’s some details:
Server 2008 R2 CA information
Signing is in SHA512 (though the article applies to SHA256 as well)
Server 2003 information
Partial error text:
  • From viewing the Trusted Root certificate:
    • General tab: The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered.
    • Certification Path tab: Certificate status: The certificate has a nonvalid digital signature.
  • From trying to request a new certificate:
    • The wizard cannot be started because of one or more of the following conditions:
      – There are no trusted certification authorities (CAs) available.
      – You do not have the permissions to request certificates from the available CAs.
      – The available CAs issue certificates for which you do not have permissions.

In reality, that last dialog should have had a fourth option, I think: You might need an update to your cryptographic provider! Yeah! Anyway, without further ado, you can find the Microsoft support article here! Hopefully this helps if you’re having trouble resolving the same problem I had! (The Server 2003 problem, that is – not the poor searching issue!)


PS, here’s two other links I stumbled across that are potentially really good to have on hand, even if they apply to different versions of ADCS:


Posted February 5, 2010 by Lain Robertson in Windows Server 2008 R2

Tagged with ,

One response to “2008 R2 Certificate Services

Subscribe to comments with RSS.

  1. Thank you, you saved my weekend! This issue was driving me crazy.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: