Duplicate Certificate Templates Appear in Active Directory (264589)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
This article was previously published under Q264589

SYMPTOMS

Duplicate certificate templates may appear in Active Directory when you attempt to create or modify an Automatic Certificate Request, Public-Key Policy.

CAUSE

This behavior occurs when an additional Enterprise Certificate Authority (CA) is installed in Active Directory before the certificate template objects are completely replicated throughout the enterprise. When this happens, a replication collision occurs.

RESOLUTION

To resolve this issue, use the following steps:
  1. Click Start, click Run, type dssite.msc, and then press ENTER.
  2. Click View from the list, and then click Show Services Node.
  3. Expand the Services node.
  4. Expand Public Key Services.
  5. Click Certificate Templates.
  6. The right side of the screen is populated with certificate templates. Select all objects that have a Globally Unique Identifier (GUID) at the end of the object name, as shown in the following example:
       Machine|CNF:486198d0-d3ce-4dcd-82...
  7. Press DELETE.
  8. Allow intra-site and inter-site replication to finish before you add any additional Enterprise CAs.

MORE INFORMATION

For additional information about replication collision, click the article number below to view the article in the Microsoft Knowledge Base:

218614 Replication Collisions in Windows 2000

Modification Type:MajorLast Reviewed:10/29/2003
Keywords:kbActiveDirectoryRepl kbCertServices kbenv kbGPO kbPPKey kbprb kbSchema w2000certsrv KB264589
©2003 Microsoft Corporation. All rights reserved.