Windows cannot find a certification authority that processes the request (271861)

SYMPTOMS

When a domain user from a Microsoft Windows 2000 child domain tries to request a user certificate by using the Microsoft Management Console (MMC) Certificates snap-in, the domain user receives the following error message:

Certificate Request Wizard

Windows cannot find a certification authority that will process the request.

If the request is made by using a Microsoft Internet Explorer browser, the domain user receives the following error message:

Certificate Request Denied

Your certificate request was denied
Contact your administrator for further information.

RESOLUTION

To resolve this issue, follow these steps:

From a domain controller in the child domain, log on to the parent domain with a user account that has membership in the Enterprise Admins group.
Click Start, click Programs, click Administrative Tools, and then click the Active Directory Sites and Services snap-in.
In MMC, right-click the Active Directory Sites and Services snap-in, click View, and then click Show Services Mode. This allows you to view the Services folder, which is hidden from view by default.
From the Active Directory Sites and Services snap-in, click Services, click Public Key Services, and then click Certificate Templates. This reveals the complete list of published certificate templates in Active Directory.
Double-click the User certificate template to view the properties.
On the Security tab, click Add to add the Domain Users group of the child domain to the list.
For the Domain Users (CHILDDOMAINNAME\Domain Users) group, select the Read and Enroll rights.
Restart the computer.

MORE INFORMATION

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

279780 Error message: Windows cannot find a certification authority that will process this request

Windows cannot find a certification authority that processes the request (271861)

SYMPTOMS

CAUSE

RESOLUTION

MORE INFORMATION