"Access Denied" When Requesting Certificate Through Web Access

ID: Q239452

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Server

SYMPTOMS

You can request a certificate through a Web browser for a Certificate Authority (CA) in the enterprise. The request is usually issued to the CA in the form of "http://CA/certsrv." When you do so, the following message may be received:

Event Type: Warning
Event Source: CertSvc
Event Category: None
Event ID: 53
Date: Date
Time: Time
User: N/A
Computer: ComputerCA

Description: Certificate Services denied request % because Access is denied. 0x80070005 (WIN32: 5). The request was for (Unknown Subject). Additional information: Denied by Policy Module.
If you use the Certificate Management console to request the certificate, you may receive the following error message when you start the Microsoft Management Console (MMC) snap-in:
Cannot find a Certificate Authority to Process this Request.


CAUSE

This behavior can occur for the following reasons:

  • The Certificate Authority service is not running.


  • You do not have Read and Enroll permission for the template of the certificate that you are requesting.



RESOLUTION

To resolve this issue:

  • Start the Certificate Services service.


  • Grant Read and Enroll access for the template to the appropriate user or group by using the Sites and Services snap-in. You can set the access rights on the Security tab by expanding the following items: Services, Public Key Services, Certificate Templates. Note that the Show Services Node check box must be selected on the View menu to see the Services tab.



STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.


MORE INFORMATION

When a CA is installed, domain users and domain administrators are granted Enroll access, but authenticated users are granted Read access by default. This causes problems with child and parent domains, depending on where the CA is installed. This also causes some templates not to appear in the list of available templates in a Web browser.

Additional query words:

Keywords : kberrmsg kbtool
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbprb


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.