AEP enrollment object not showing in Windows 2008
Originally Published: 2013-09-23
Article Number
Applies To
Fedora Auto Enrollment Proxy (AEP)
Microsoft Windows Server 2008
Issue
SYMPTOM #1:
When following the instructions in the RCM Windows PKI admin guide to set up AEP on Windows 2008 server, the enrollment object that is created in the forest root Configuration Context (when the ?Populate AD? button is clicked in the AEP options dialog) is not visible as a valid Certification Authority. Thus you can not request certificates using that object. Any certificate templates that are assigned to that object will not be valid certificate templates for enrollment.
SYMPTOM #2:
Another symptom that you may observe is that certificate templates which were explicitly assigned to the RHCS (Red Hat Certificate System) enrollment object do not function for enrollment.
Cause
For the second symptom, since the RCM Windows PKI admin guide requires that Microsoft Certificate Services be installed on the AEP host, the Microsoft Certificate Services installation creates an enrollment object in the forest root Configuration Context as well. If the 'displayName' attribute is not set as above for the RHCS enrollment object, only templates that are assigned to the Microsoft Certificate Services object that was created will be available.
Resolution
As a workaround, populate the 'displayName' of the enrollment object using ADSI Edit with a descriptive name:
=> ADSI Edit
=> Configuration [hostname.domain.net]
=> 'CN=Configuration,DC=domain,DC=net'
=> 'CN=Services'
=> 'CN=Public Key Services'
=> 'CN=Enrollment Services'
=> 'CN=Red Hat Certificate System Proxy'
=> update 'displayName' attribute with a descriptive name, such as 'RCM Win2k8 CA' or 'AEP Proxy'.
Notes
Related Articles
Access User Access Review not showing indirect entitlements associated with a role for RSA Identity Governance & Lifecycle… Number of Views Adding a new user attribute in a user profile in RSA Authentication Manager 8.x Number of Views Users from an external identity source are listed as disabled in the RSA Authentication Manager 8.x Security Console Number of Views RSA Identity Governance & Lifecycle display order and value of report column changes automatically Number of Views RSA Identity Governance & Lifecycle email approval macro ValidReplyAnswers orders URL in the wrong order Number of Views
Trending Articles
RSA Release Notes for RSA Authentication Manager 8.8 RSA MFA Agent 2.4.3 for Microsoft Windows Group Policy Object Template Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.4.3 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
