AEP enrollment object not showing in Windows 2008
Originally Published: 2013-09-23
Article Number
Applies To
Fedora Auto Enrollment Proxy (AEP)
Microsoft Windows Server 2008
Issue
SYMPTOM #1:
When following the instructions in the RCM Windows PKI admin guide to set up AEP on Windows 2008 server, the enrollment object that is created in the forest root Configuration Context (when the ?Populate AD? button is clicked in the AEP options dialog) is not visible as a valid Certification Authority. Thus you can not request certificates using that object. Any certificate templates that are assigned to that object will not be valid certificate templates for enrollment.
SYMPTOM #2:
Another symptom that you may observe is that certificate templates which were explicitly assigned to the RHCS (Red Hat Certificate System) enrollment object do not function for enrollment.
Cause
For the second symptom, since the RCM Windows PKI admin guide requires that Microsoft Certificate Services be installed on the AEP host, the Microsoft Certificate Services installation creates an enrollment object in the forest root Configuration Context as well. If the 'displayName' attribute is not set as above for the RHCS enrollment object, only templates that are assigned to the Microsoft Certificate Services object that was created will be available.
Resolution
As a workaround, populate the 'displayName' of the enrollment object using ADSI Edit with a descriptive name:
=> ADSI Edit
=> Configuration [hostname.domain.net]
=> 'CN=Configuration,DC=domain,DC=net'
=> 'CN=Services'
=> 'CN=Public Key Services'
=> 'CN=Enrollment Services'
=> 'CN=Red Hat Certificate System Proxy'
=> update 'displayName' attribute with a descriptive name, such as 'RCM Win2k8 CA' or 'AEP Proxy'.
Notes
Related Articles
Access User Access Review not showing indirect entitlements associated with a role for RSA Identity Governance & Lifecycle… Number of Views Adding a new user attribute in a user profile in RSA Authentication Manager 8.x Number of Views Users from an external identity source are listed as disabled in the RSA Authentication Manager 8.x Security Console Number of Views A large number of user sessions showing on the UI in SecurID Governance & Lifecycle Number of Views RSA Identity Governance & Lifecycle display order and value of report column changes automatically Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
