AEP enrollment object not showing in Windows 2008
Originally Published: 2013-09-23
Article Number
Applies To
Fedora Auto Enrollment Proxy (AEP)
Microsoft Windows Server 2008
Issue
SYMPTOM #1:
When following the instructions in the RCM Windows PKI admin guide to set up AEP on Windows 2008 server, the enrollment object that is created in the forest root Configuration Context (when the "Populate AD" button is clicked in the AEP options dialog) is not visible as a valid Certification Authority. Thus you cannot request certificates using that object. Any certificate templates that are assigned to that object will not be valid certificate templates for enrollment.
SYMPTOM #2:
Another symptom that you may observe is that certificate templates which were explicitly assigned to the RHCS (Red Hat Certificate System) enrollment object do not function for enrollment.
Cause
For the second symptom, since the RCM Windows PKI admin guide requires that Microsoft Certificate Services be installed on the AEP host, the Microsoft Certificate Services installation creates an enrollment object in the forest root Configuration Context as well. If the 'displayName' attribute is not set as above for the RHCS enrollment object, only templates that are assigned to the Microsoft Certificate Services object that was created will be available.
Resolution
As a workaround, populate the 'displayName' of the enrollment object using ADSI Edit with a descriptive name:
=> ADSI Edit
=> Configuration [hostname.domain.net]
=> 'CN=Configuration,DC=domain,DC=net'
=> 'CN=Services'
=> 'CN=Public Key Services'
=> 'CN=Enrollment Services'
=> 'CN=Red Hat Certificate System Proxy'
=> update 'displayName' attribute with a descriptive name, such as 'RCM Win2k8 CA' or 'AEP Proxy'.
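The same check and change can be scripted. The following PowerShell is an added example, not part of the original article or the RCM guide: it lists every object under 'CN=Enrollment Services' with its 'displayName' and assigned template count, and fills in 'displayName' on the AEP object only when it is empty. It assumes it is run by an account with write access to the Configuration container; the `$apply` switch variable is a name chosen for this example.

```powershell
# Added example (not from the original article).
$targetCn    = 'Red Hat Certificate System Proxy'  # CN of the AEP object, as shown in the article
$displayName = 'AEP Proxy'                         # sample descriptive name from the article
$apply       = $false                              # hypothetical switch: set to $true to write the change

# Resolve the forest Configuration naming context rather than hard-coding DC=domain,DC=net.
$rootDse   = [ADSI]'LDAP://RootDSE'
$configNc  = [string]$rootDse.psbase.Properties['configurationNamingContext'].Value
$container = [ADSI]"LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNc"

foreach ($obj in $container.psbase.Children) {
    $props     = $obj.psbase.Properties
    $cn        = [string]$props['cn'].Value
    $current   = [string]$props['displayName'].Value   # empty string when the attribute is unset
    $templates = $props['certificateTemplates'].Count

    # Report every enrollment object so the Microsoft Certificate Services
    # object and the AEP object can be compared side by side.
    New-Object PSObject -Property @{
        CN            = $cn
        DisplayName   = $current
        TemplateCount = $templates
        MissingName   = [string]::IsNullOrEmpty($current)
    }

    # Only touch the AEP object, and only when displayName is actually empty.
    if ($cn -eq $targetCn -and [string]::IsNullOrEmpty($current)) {
        if ($apply) {
            $props['displayName'].Value = $displayName
            $obj.psbase.CommitChanges()
            Write-Host "Set displayName on '$cn' to '$displayName'."
        } else {
            Write-Host "Would set displayName on '$cn' to '$displayName' (report only)."
        }
    }
}
```

Run it once with `$apply = $false` to confirm which object is missing the attribute, then again with `$apply = $true` to write the value.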
Notes