"No Certificate Templates Could Be Found" Error Message When User Requests Certificate from CA Web Enrollment Pages (811418)


The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition

SYMPTOMS


When a user tries to request a certificate from the certification authority (CA) Web enrollment pages, the user may receive the following error message:
No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.
This behavior occurs if the Web enrollment pages are in an Active Directory domain on an Enterprise CA server. It occurs whether the Web enrollment pages are on the same server or on a different member server.

CAUSE

The CA Web enrollment pages perform a case-sensitive string comparison of two values. One value is the sServerConfig value in the Certdat.inc file in the %systemroot%\System32\Certsrv folder on the certificate server, and the other value is the dnsHostName attribute on the pkiEnrollmentService object in Active Directory. If the two strings do not match, including the case match, the enrollment fails.

RESOLUTION

To correct this behavior, follow these steps:
  1. View the Active Directory dNSHostName attribute on the pkiEnrollmentService object. This object is in the following location:

    CN=CertificateServer,CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=MyDomain,DC=com

    To view the dNSHostName attribute, use ADSIEdit.msc or LDP.exe.
  2. Edit the Certdat.inc file so that the value for sServerConfig is the same as the value for the dNSHost Name attribute.
  3. Have the user who wants to request the certificate restart Internet Explorer. This permits the new credentials to pass to the CA.

MORE INFORMATION

For additional information about a related issue, click the following article number to view the article in the Microsoft Knowledge Base:

239452 "Access Denied" When Requesting Certificate Through Web Access

Modification Type:MajorLast Reviewed:4/5/2004
Keywords:kbprb KB811418
©2004 Microsoft Corporation. All rights reserved.