Installation and Configuration, ADCA - Troubleshooting

The permissions on the certificate template do not allow the current user to enroll for this type of certificate

 

Problem:

Renew throws error: 0x80094012 (-2146877422) Certificate Request Processor: The permissions on the certificate template do not allow the current user to enroll for this type of certificate.

Cause:

Security is configured incorrectly on the LocalID certificate template.

Fix:

Configure permissions on the ”LocalID” certificate Template on the Domain Controller or Member server running the ”Certificate Authority”:

  • Right-click ”Certificate Templates” and select ”Manage” in the context menu.

  • ”Certificate Templates Console” opens.

  • Right-click the ”LocalID” template.

    • Select Tab->Security

  • Select ”Authenticated Users”

  • In the Permissions for Authenticated Users, select Enroll under Allow

 

The requested certificate template is not supported by this CA

 

Problem:

Issue or Renew throws error CertEnroll::CX509CertificateRequestPkcs10::InitializeFromPrivateKey: The requested certificate template is not supported by this CA. 0x80094800 (-2146875392)

Cause:

The certificate template ”LocalID” is not configured.

Fix:

Configure the ”LocalID” certificate template as described in the documentation.

No valid certificates on chip card

 

Problem:

Client reports “No valid certificates on chip card” at logon.

Cause-A:

Root certificates from the CA-issuing service are not trusted.

Fix-A:

Verify that the correct CA is used and root certificates are present on the desktop and domain controller servers.

Cause-B:

The issued User certificates are not updated on the user in Active Directory (verify that the attribute UserCertificate is present on the user object, using ADSIEdit).

Fix-B:

On the certificate template, under the tab “General”, verify that ”Publish certificate to Active Directory” is set.

Verify that Active Directory Domain Controller replication is functional.

Cause-C:

The mini driver setting is not present in the registry under “HKEY_LOCAL_MACHINE\SOFTWARE\cv cryptovision\sc interface” and “HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\cv cryptovision\sc interface”.

Fix-C:

Reinstall the LocalID product to re-establish the settings.
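
The three causes above can be checked in one pass from the affected desktop. The following PowerShell script is an added example, not part of the LocalID product or its documentation. The parameter name, the output columns, and the choice to skip revocation checking are assumptions made for illustration.

```powershell
# Added diagnostic example, not LocalID product code.
# Assumption: run on the affected desktop by a domain user with read access to AD.
param([string]$SamAccountName = $env:USERNAME)   # assumption: account whose logon fails

# Reject characters that would alter the LDAP filter built below.
if ($SamAccountName -notmatch '^[\w.\-]+$') { throw "Unexpected account name: $SamAccountName" }
$results = @()

# Cause-B: are issued certificates published to the user object (userCertificate)?
$searcher = [adsisearcher]"(&(objectClass=user)(sAMAccountName=$SamAccountName))"
[void]$searcher.PropertiesToLoad.Add('usercertificate')
$user = $searcher.FindOne()
$published = @()
if ($user -and $user.Properties.Contains('usercertificate')) {
    $published = @($user.Properties['usercertificate'])
}
$results += [pscustomobject]@{
    Check = 'Cause-B'; Item = "userCertificate on $SamAccountName"
    Ok = ($published.Count -gt 0); Detail = "$($published.Count) certificate(s) published"
}

# Cause-A: does each published certificate chain to a root this machine trusts?
foreach ($raw in $published) {
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # test trust and validity period only
    $ok = $chain.Build($cert)
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    $results += [pscustomobject]@{
        Check = 'Cause-A'; Item = $cert.Subject; Ok = $ok
        Detail = "issuer=$($cert.Issuer); notAfter=$($cert.NotAfter.ToString('yyyy-MM-dd')); status=$status"
    }
}

# Cause-C: are the mini driver registry keys named on this page present and non-empty?
# Value names are not listed on the page, so only presence and value count are checked.
$keys = 'HKLM:\SOFTWARE\cv cryptovision\sc interface',
        'HKLM:\SOFTWARE\WOW6432Node\cv cryptovision\sc interface'
foreach ($k in $keys) {
    $count = if (Test-Path -LiteralPath $k) { (Get-Item -LiteralPath $k).ValueCount } else { 0 }
    $results += [pscustomobject]@{
        Check = 'Cause-C'; Item = $k; Ok = ($count -gt 0); Detail = "$count value(s)"
    }
}

$results | Format-Table -AutoSize -Wrap
```

A Cause-A row with status UntrustedRoot or PartialChain points to a missing root certificate on the machine where the script ran. Run it on a domain controller as well to cover the server side of Fix-A.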

 
