Troubleshooting - Page 9 - Uwe Gradenegger

Publishing a certificate template on a CA fails with error message "The template information on the CA cannot be modified at this time. This is most likely because the CA service is not running or there are replication delays. Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)".

Assume the following scenario:

An administrator publishes a certificate template on a certificate authority.
The operation fails with the following error message:

The template information on the CA cannot be modified at this time. This is most likely because the CA service is not running or there are replication delays. Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_INTERNET_NAME_NOT_RESOLVED".

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

The name or address could not be resolved 0x80072ee7 (INet: 12007 ERROR_INTERNET_NAME_NOT_RESOLVED)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_INTERNET_TIMEOUT".

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

The operation timed out 0x80072ee2 (INet: 12002 ERROR_INTERNET_TIMEOUT)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "WS_E_ENDPOINT_FAILURE".

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

The remote endpoint could not process the request. 0x803d000f (-2143485937 WS_E_ENDPOINT_FAILURE)

Certificate Enrollment Web Service (CES) request fails with error code "WS_E_INVALID_ENDPOINT_URL".

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

Certificate Request Processor: The endpoint address URL is invalid. 0x803d0020 (-2143485920 WS_E_INVALID_ENDPOINT_URL)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "WS_E_ENDPOINT_UNREACHABLE".

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

The remote endpoint was not reachable. 0x803d0010 (-2143485936 WS_E_ENDPOINT_UNREACHABLE)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_WINHTTP_CANNOT_CONNECT".

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

Certificate Request Processor: A connection with the server could not be established 0x80072efd (WinHttp: 12029 ERROR_WINHTTP_CANNOT_CONNECT)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_WINHTTP_TIMEOUT".

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

Certificate Request Processor: The operation timed out 0x80072ee2 (WinHttp: 12002 ERROR_WINHTTP_TIMEOUT)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_WINHTTP_NAME_NOT_RESOLVED".

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

Certificate Request Processor: The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_WINHTTP_INVALID_CA".

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

Die Zertifizierungsstelle ist ungültig oder fehlerhaft. 0x80072f0d (WinHttp: 12045 ERROR_WINHTTP_SECURE_INVALID_CA)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "WS_E_OPERATION_TIMED_OUT".

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

Certificate Request Processor: The operation did not complete within the time allotted. 0x803d0006 (-2143485946 WS_E_OPERATION_TIMED_OUT)

Requesting certificates via Certificate Enrollment Policy Web Service (CEP) fails with error message "The requested certificate template is not supported by this CA."

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Policy Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

The requested certificate template is not supported by this CA.

Enable debug logging for Certificate Enrollment Policy Web Service (CEP)

When trying to track down an error in the Certificate Enrollment Policy Web Service (CEP), it is helpful to enable debug logging.

Requesting certificates via Certificate Enrollment Policy Web Service (CEP) fails with error message "ERROR_WINHTTP_CONNECTION_ERROR".

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Policy Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
The operation fails with the following error message:

Fehler: Die Serververbindung wurde aufgrund eines Fehlers beendet. 0x80072efe (WinHttp:12030) ERROR_WINHTTP_CONNECTION_ERROR

Requesting certificates via the Certificate Enrollment Policy Web Service (CEP) fails with error message "A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted."

Assume the following scenario:

You try to request a certificate via a Certificate Enrollment Policy Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
To do this, use the Microsoft Management Console (MMC), either for the logged-in user (certmgr.msc) or for the computer (certlm.msc).
However, the list of available certificate templates within the MMC is completely empty.
In the list of available certificate templates within the MMC, all certificate templates are displayed. At all desired certificate templates it is written:

Cannot find Object or property.
A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted.