PDA

View Full Version : Autoenrollment of Computer Certificates not working as expected.

Steve
I set up autoenrollment for computer certificates as described in
Microsoft Knowledge Base Article - 313407. However when I refresh my
computer policy on my windows XP machines I am not getting a computer
certificate (MMC certificates, Local computer, personal store). I see
a SceCli Security Policy has been applied successfully after a
gpupdate /target:computer. Any ideas on how to figure out what is
going on?

TIA,
Steve
Steven L Umbach
Make sure that the computers are within the scope of influence of the policy. For
example if you configured it at the OU level, the computers must be in that OU
structure. Also check that your CA is working correctly by trying to request a
machine certificate from the mmc certificate snapin for computer. Your CA must be an
Enterprise CA for this to work. The link below may be helpful. --- Steve

http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/autocertsteps.asp

"Steve" wrote in message
news:2b08807f.0404140646.23fd7496@posting.google.com...
> I set up autoenrollment for computer certificates as described in
> Microsoft Knowledge Base Article - 313407. However when I refresh my
> computer policy on my windows XP machines I am not getting a computer
> certificate (MMC certificates, Local computer, personal store). I see
> a SceCli Security Policy has been applied successfully after a
> gpupdate /target:computer. Any ideas on how to figure out what is
> going on?
>
> TIA,
> Steve


Steve
Is there a way to convert a CA over from stand-alone root CA to
enterprise root without having to regenerate all the issued
certificates?

TIA,
Steve

"Steven L Umbach" wrote in message news:...
> Make sure that the computers are within the scope of influence of the policy. For
> example if you configured it at the OU level, the computers must be in that OU
> structure. Also check that your CA is working correctly by trying to request a
> machine certificate from the mmc certificate snapin for computer. Your CA must be an
> Enterprise CA for this to work. The link below may be helpful. --- Steve
>
> http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/autocertsteps.asp
>
> "Steve" wrote in message
> news:2b08807f.0404140646.23fd7496@posting.google.com...
> > I set up autoenrollment for computer certificates as described in
> > Microsoft Knowledge Base Article - 313407. However when I refresh my
> > computer policy on my windows XP machines I am not getting a computer
> > certificate (MMC certificates, Local computer, personal store). I see
> > a SceCli Security Policy has been applied successfully after a
> > gpupdate /target:computer. Any ideas on how to figure out what is
> > going on?
> >
> > TIA,
> > Steve
Steven L Umbach
There may be, but I am not sure of how it is done if it can be done so I can't
comment any further as I don't want to steer you the wrong way. --- Steve


"Steve" wrote in message
news:2b08807f.0404190907.52d2c7a1@posting.google.com...
> Is there a way to convert a CA over from stand-alone root CA to
> enterprise root without having to regenerate all the issued
> certificates?
>
> TIA,
> Steve
>
> "Steven L Umbach" wrote in message
news:...
> > Make sure that the computers are within the scope of influence of the policy. For
> > example if you configured it at the OU level, the computers must be in that OU
> > structure. Also check that your CA is working correctly by trying to request a
> > machine certificate from the mmc certificate snapin for computer. Your CA must be
an
> > Enterprise CA for this to work. The link below may be helpful. --- Steve
> >
> > http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/autocertsteps.asp
> >
> > "Steve" wrote in message
> > news:2b08807f.0404140646.23fd7496@posting.google.com...
> > > I set up autoenrollment for computer certificates as described in
> > > Microsoft Knowledge Base Article - 313407. However when I refresh my
> > > computer policy on my windows XP machines I am not getting a computer
> > > certificate (MMC certificates, Local computer, personal store). I see
> > > a SceCli Security Policy has been applied successfully after a
> > > gpupdate /target:computer. Any ideas on how to figure out what is
> > > going on?
> > >
> > > TIA,
> > > Steve