1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problems With Advanced Certificate Requests

Discussion in 'Computer Security' started by Stuzzle, Dec 22, 2013.

  1. Stuzzle

    Stuzzle Byte Poster

    150
    7
    34
    Hi guys,

    I am trying to lab VPN reconnect and currently following instructions from Configuring VPN1

    I have installed Certificate Services on the VPN server, created and issued the certificate template, and adjusted IE security options.

    The issue comes when trying to request a server authentication certificate. After I log on to the local certsrv and click to submit an advanced certificate request, the page loads straight through to Submit a Certificate Request or Renewal Request (as per cert1.png attachment).

    What I apparently should see is a page with 2 options, including the correct one "Create and submit a request to this CA" (as per cert2.png attached)

    This is the 2nd server VM where I have become stuck on this issue. Google does not provide me with much help so far and mostly advises on the actual certificate templates missing when requesting.

    Surely someone else has had this issue before and knows how to resolve. Please advise :blink
     

    Attached Files:

    Certifications: A+, MCSA: Windows 7, 70-640, 70-642
    WIP: 70-646
  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Does the page not change after you click on the "Submit a certificate..." link?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. Stuzzle

    Stuzzle Byte Poster

    150
    7
    34
    After I click "Submit an advanced certificate request" on the Request a Certificate page, it takes me straight through to Submit a Certificate Request or Renewal Request and wants me to enter saved-request details for a base-64-encoded cert request..but apparently what it Should do is give me a page with 2 links (as per the cert2.png) to chose between submitting the cert/renewal request OR the "Create and submit a request to this CA" link, which every Microsoft walkthrough points to, but somehow I have been missing on 2 different VM's now :/
     
    Certifications: A+, MCSA: Windows 7, 70-640, 70-642
    WIP: 70-646
  4. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  5. Stuzzle

    Stuzzle Byte Poster

    150
    7
    34
    I double checked that the local Certificate Service DCOM Access group was populated and the security settings were checked on the certificate template itself.

    It turns out when I install the basic settings on the DC the pages work as they should do and point me to the correct page....but for some reason having it separately on VPN1 stops the correct pages being presented
    Would this be something group policy based causing this?

    Edit: So loading up IE on the VPN server and entering domain admin credentials gives the error. Loading up IE on the DC and pointing to http://vpn1/certsrv and using domain admin credentials Does give me the correct page (certrqad.asp in this case) :blink ....sooo...this would be a computer account not being entered into a correct security group somewhere??
     
    Last edited: Dec 24, 2013
    Certifications: A+, MCSA: Windows 7, 70-640, 70-642
    WIP: 70-646

Share This Page

Loading...