CA enrollment issues.

TheMSsForum.com: The Microsoft Software Forum

I'm implementing the 802.11 wireless using Windows. My network consist of 2
forest and one child. In domain A I created a Enterprise CA "its a windows
2003 standard server" and started auto enrolling certificate to computers in
domain A and everything is fine. In the other two domains certifiactes arent
getting issued. Is CA only domain specific? Can I have one CA to be
responsible for the enterprise?I made the same group policy change in domain
B and C as I did A. Thoughts?

-Michael
Top

Re: CA enrollment issues. by Mark

Mark
Wed Jun 22 11:24:24 CDT 2005

First, your description says you have 2 forests. Autoenrollment can not
work cross forest, to my knowledge. One might be able to make that happen
with a two way trust and the right AD duct tape and super glue.

Assuming that you meant there was a single forest with a total of 3 domains,
make sure that the templates have had their permissions changed to allow
members of the other domain to enroll and auto enroll.

Cheers,

--
Mark Gamache
Certified Security Solutions
http://www.css-security.com



"Mike Cave" <MikeCave@discussions.microsoft.com> wrote in message
news:03D35038-3AB8-472D-9DA1-C137B94E57CB@microsoft.com...
> I'm implementing the 802.11 wireless using Windows. My network consist of
> 2
> forest and one child. In domain A I created a Enterprise CA "its a windows
> 2003 standard server" and started auto enrolling certificate to computers
> in
> domain A and everything is fine. In the other two domains certifiactes
> arent
> getting issued. Is CA only domain specific? Can I have one CA to be
> responsible for the enterprise?I made the same group policy change in
> domain
> B and C as I did A. Thoughts?
>
> -Michael


Top

Re: CA enrollment issues. by Steven

Steven
Thu Jun 23 11:57:10 CDT 2005

Keep in mind that you are not really using autoenrollment but "automatic
request" for computer certificates. Autoenrollment requires version 2
certificate templates which are only available when you install an
enterprise CA on Enterprise version of Windows 2003 Server. See the link
below on how to allow child domain computers to obtain certificates from a
parent domain CA. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;281271

"Mike Cave" <MikeCave@discussions.microsoft.com> wrote in message
news:03D35038-3AB8-472D-9DA1-C137B94E57CB@microsoft.com...
> I'm implementing the 802.11 wireless using Windows. My network consist of
> 2
> forest and one child. In domain A I created a Enterprise CA "its a windows
> 2003 standard server" and started auto enrolling certificate to computers
> in
> domain A and everything is fine. In the other two domains certifiactes
> arent
> getting issued. Is CA only domain specific? Can I have one CA to be
> responsible for the enterprise?I made the same group policy change in
> domain
> B and C as I did A. Thoughts?
>
> -Michael


Top