locked
Error-The permissions on the certificate Template do not allow the current user to enroll for this type of certificate. 0x80094012 (-2146877422) RRS feed

  • Question

  • Hi There,

    I have a complex issue related to the Certificate template. the enviroment at my end is as follows-

    I have 2 machines -

    1) windows server 2012 R2 , a domain controller having the certificate enrollment custom application, that enroll the certificate to the user.

    2) windows server 2008 R2 , a member server having the Certificate Authority configured.

    i dont want to add authenticated user group in my certificate template . so i have created a new Certificate Template , removed the Authenticated Users group from the ACL of this template and added a new user group with the read and enroll permission on it.

    when i tried to enroll the certificate from 2012 R2 machine i am getting the error of "The permissions on the certificate Template do not allow the current user to enroll for this type of certificate. 0x80094012 (-2146877422)"

    i tried to find out the reason , then from one of the blog i come to know this-

    "CA itself is included in the Authenticated User’s group. Once we remove this group from the certificate template, the Certificate Authority stops contacting with the template, as a result we get the error in the system log as well as in the revoked certificates list–“Certificate Request Denied” So if you do not want to add Authenticated user group in the template, you have to add the CA computer machine’s name in the template with the read permission on it.

    i tried it but still i am facing the issue.

    one more thing is if i tried to enroll certificate using mmc without my certificate enrollment custom application, enrollment is taking place.

    Kindly help me to resolve this.

    Regards

    Sonam


    • Edited by Sonam Goel Monday, April 13, 2015 6:41 AM
    Monday, April 13, 2015 6:37 AM