Enterprise Root CA

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Blakes7

Thread Starter
Joined
Aug 4, 2006
Messages
245
Hi! I'm setting up a vpn lab, and one of the computers is supposed to be the enterprise root ca. It's a member server. When I try to set up the ca, the enterprise part is greyed out. I did a google search, and an answer was to run adsiedit.msc with 19 steps to setup the public keys service. My question is, do I run this on the domain controller or on the member server I'm going to put the ca on? I tried the member server and received messages that the domain connection couldn't be found, another saying that the connection configuration couldn't be loaded, and one that says the schema coulsn't be loaded. I know I'm connected to the domain since I just joined the member server to the domain, and I pinged it. Any and all responses will be greatly appreciated. Thanks.
 
Joined
Dec 6, 2003
Messages
1,938
I have always set up my CA on a domain controller. In fact, I'd set up the root, issue a certificate, then take the root offline.

I would not use adsiedit. In my opinion, it is the most dangerous tool ever invented for Windows Server 2003.

Courtney
 

Blakes7

Thread Starter
Joined
Aug 4, 2006
Messages
245
Thanks for the response. I'm just following the lab manual. It says to configure the enterprise root ca on the member server. Then I did a google search to find out why the enterprise choice was greyed out, and that's the solution a few sites came up with, including microsoft. I don't know anything about this, and that's why I'm doing it. I can always format and reinstall if something goes wrong. So, should I run adsiedit on the domain controller insteadm of the member server? Thanks.
 

Blakes7

Thread Starter
Joined
Aug 4, 2006
Messages
245
Ok, I figured out how use the adsiedit.msc to connect to the DC, and this shows that the Public Key Services is there. Microsoft says that the reason the enterprise ca is greyed out is:This issue can occur if the Public Key Services container does not exist in the Active Directory directory service. For example, this issue can occur if the ADSIEdit tool (Adsiedit.msc) was used to delete the Public Key Services container. I never used the adsiedit tool before this, and it shows that the Public Key Services container does exist. So, why doesn't the install of the certificate authority show the enterprise ca? I should be able to install an enterprise ca on any server, right? It doesn't have to be DC does it?
 

Blakes7

Thread Starter
Joined
Aug 4, 2006
Messages
245
A google search finally gave me the answer. You have to log-in with an account that is a member of the enterprise admins and the administrator account of the local computer.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top