I've been following the step-by-step guide but instead have recently
installed an Enterprise CA on a w2k3 sp2 member server in a windows 2000 AD
for the purposes of EFS. I've got a few issues so have split them into
different posts. This is the first one:
I have had a couple of event id 80 warnings but the kb articles I have found
relate to a different scenario. My logs show:
Certificate Services could not publish a Certificate for request 10 to the
following location on server <DC Servername>.<domain>.com:
CN=<user>,OU=<xxx>,,DC=<domain>,DC=com. Insufficient access rights to
perform the operation. 0x80072098 (WIN32: 8344).
ldap: 0x32: 00002098: SecErr: DSID-03150646, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0
I have done/ checked the following:
- The Ent CA is a member of Cert Publishers Group
- I have imported the Ent CA root certificate into default domain policy >
Trusted Root CA
- On the Ent CA certificates.mmc there is a certificate issued to
administrator by administrator under AD user objects however I believe this
was issued locally on the DC as it is not trusted
- Also on the Ent CA certificates.mmc the certifacte for the Ent CA appears
in Trusted Root CA
- Finally under certificate templates.mmc on the Ent CA I have added our
two DC's computer accounts and given them read/ write and enroll permissions.
I've since rebooted the Ent CA and have not had any more warnings. Have I
done this correctly or maybe done too many steps?
Also, If I go to the CA mmc and look under Issued Certificates, I can see
certificates that have been issued. If I open the certificate I can see that
the certificate validates to a root CA that appears to be trusted by the
remote pc. To ensure this certificate is valid, verify this certificate on
What does this refer to?