Domain Controller Certificate Template Not Available

Select windows server 2008 r2 from the certification authority list.

Domain controller certificate template not available. Membership in both the enterprise admins and the root domain s domain admins group is the minimum required to complete this procedure. This process is secure since the key never leaves the domain. On the compatibility tab clear the show resulting changes check box.

The user either in the single level or parent domain enrolls in the single level certification authority or the parent certification authority. The domain controller authentication template is not published in ad and all options are accessible. If the domain controller certificate template is not available and enhanced logging for auto enrollment is enabled you will see the following event in the application log of a domain controller.

The enterprise ca is located on the parent domain. When you install windows 2008 certification authority a new domain controller certificate template named kerberos authentication is available. On the general tab type domain controller authentication kerberos in template display name.

Life is short enjoy it now. This article describes how you can send certificate requests for all your domain controllers to nexus and import the issued certificates in the truststores of each domain controller. The domain controllers do not have the hotfix 327825 installed.

Certificate template requires multiple 2 or more registration authority ra signatures in the issuance requirements tab. In this scenario the certification authority does not publish the issued certificates to the user s domain server object in the single. Moved by cicely feng wednesday december 12 2012 9 33 am.

If you need more information about the new certificate templates shipped with a windows 2008 ca you can read this article. This is one of the few cases where windows will auto enroll for a certificate without auto enrollment being configured in group policy. Thanks for your input.