A
Aaron_Unpublished
Guest
Hello. Trying to request a CA certificate and getting error "Template not found".
My template is indeed there. I can confirm this with "Get-CATemplate" and "certutil -CATemplates".
Shows in Get-CATemplate:
PS C:\> Get-CATemplate
Name Oid
---- ---
VPNUsers 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.10456326.3380958
IPSECIntermediateOnline 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.19
IPSECIntermediateOffline 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.20
Copy of Web Server 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.10138848.1933275
DirectoryEmailReplication 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.29
DomainControllerAuthentication 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.28
KerberosAuthentication 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.33
EFSRecovery 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.8
EFS 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.6
DomainController 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.15
WebServer 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.16
Machine 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.14
User 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.1
SubCA 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.18
Administrator 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.7
Shows in certutil:
C:\>certutil -CATemplates
VPNUsers: VPN Users -- Auto-Enroll
IPSECIntermediateOnline: IPSec -- Auto-Enroll: Access is denied.
IPSECIntermediateOffline: IPSec (Offline request) -- Auto-Enroll: Access is denied.
Copy of Web Server: Copy of Web Server -- Auto-Enroll
DirectoryEmailReplication: Directory Email Replication -- Auto-Enroll: Access is denied.
DomainControllerAuthentication: Domain Controller Authentication -- Auto-Enroll: Access is denied.
KerberosAuthentication: Kerberos Authentication -- Auto-Enroll: Access is denied.
EFSRecovery: EFS Recovery Agent -- Auto-Enroll: Access is denied.
EFS: Basic EFS -- Auto-Enroll: Access is denied.
DomainController: Domain Controller -- Auto-Enroll: Access is denied.
WebServer: Web Server -- Auto-Enroll: Access is denied.
Machine: Computer -- Auto-Enroll: Access is denied.
User: User -- Auto-Enroll: Access is denied.
SubCA: Subordinate Certification Authority -- Auto-Enroll: Access is denied.
Administrator: Administrator -- Auto-Enroll: Access is denied.
CertUtil: -CATemplates command completed successfully.
Error:
PS C:\> certreq -new $path\$scriptName.inf $path\$scriptName.req
Active Directory Enrollment Policy
{AC24B9F5-DD2E-49C0-8985-1B83A7D86FC1}
ldap:
Template not found. Do you wish to continue anyway?
VPNUsers
inf Snip showing CertificateTemplate:
[RequestAttributes]
CertificateTemplate=VPNUsers
Any ideas what would cause this?
Continue reading...
My template is indeed there. I can confirm this with "Get-CATemplate" and "certutil -CATemplates".
Shows in Get-CATemplate:
PS C:\> Get-CATemplate
Name Oid
---- ---
VPNUsers 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.10456326.3380958
IPSECIntermediateOnline 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.19
IPSECIntermediateOffline 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.20
Copy of Web Server 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.10138848.1933275
DirectoryEmailReplication 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.29
DomainControllerAuthentication 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.28
KerberosAuthentication 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.33
EFSRecovery 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.8
EFS 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.6
DomainController 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.15
WebServer 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.16
Machine 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.14
User 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.1
SubCA 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.18
Administrator 1.3.6.1.4.1.311.21.8.16751377.6625077.14962052.2618440.5265971.36.1.7
Shows in certutil:
C:\>certutil -CATemplates
VPNUsers: VPN Users -- Auto-Enroll
IPSECIntermediateOnline: IPSec -- Auto-Enroll: Access is denied.
IPSECIntermediateOffline: IPSec (Offline request) -- Auto-Enroll: Access is denied.
Copy of Web Server: Copy of Web Server -- Auto-Enroll
DirectoryEmailReplication: Directory Email Replication -- Auto-Enroll: Access is denied.
DomainControllerAuthentication: Domain Controller Authentication -- Auto-Enroll: Access is denied.
KerberosAuthentication: Kerberos Authentication -- Auto-Enroll: Access is denied.
EFSRecovery: EFS Recovery Agent -- Auto-Enroll: Access is denied.
EFS: Basic EFS -- Auto-Enroll: Access is denied.
DomainController: Domain Controller -- Auto-Enroll: Access is denied.
WebServer: Web Server -- Auto-Enroll: Access is denied.
Machine: Computer -- Auto-Enroll: Access is denied.
User: User -- Auto-Enroll: Access is denied.
SubCA: Subordinate Certification Authority -- Auto-Enroll: Access is denied.
Administrator: Administrator -- Auto-Enroll: Access is denied.
CertUtil: -CATemplates command completed successfully.
Error:
PS C:\> certreq -new $path\$scriptName.inf $path\$scriptName.req
Active Directory Enrollment Policy
{AC24B9F5-DD2E-49C0-8985-1B83A7D86FC1}
ldap:
Template not found. Do you wish to continue anyway?
VPNUsers
inf Snip showing CertificateTemplate:
[RequestAttributes]
CertificateTemplate=VPNUsers
Any ideas what would cause this?
Continue reading...