The server was already setup when I got it
Certificate Authority Role grayed out post deployment
I pretty much have the same issue described on this post, but no clear view on how it was fixed. This is not a new role install, a former admin previously installed it. happening on four servers, two on its own separate domain.
On server manager, I get a yellow flag to configure active directory certificate services on the destination server; I go through the credentials, hit next, then the checkmarks are grayed out, and no way to click next or configure. The only option is to go previous or cancel.
5 answers
Sort by: Newest
-
-
joako537 11 Reputation points
2021-03-29T13:20:55.237+00:00 such as the domain environment
Is just a two servers as a backup with AD DS role, fileserver role and AD CAWhat's the ca type did you try to install?
It was installed already by a previous admin, its a seflsigned CA certificate ServerWhat's the credential did you use to do
I used my own domain admin account, and a service accountAlso, of possible , please share a screenshot of the error message here(please hide the private information)
-
joako537 11 Reputation points
2021-03-26T13:32:04.19+00:00 also this error
122.3064.0:<2018/5/28, 13:14:5>: 0x80041002 (-2147217406)
122.2663.0:<2018/5/28, 13:14:5>: 0x80041002 (-2147217406): Application.Path="/ADPolicyProvider_CEP_Kerberos",SiteName="Default Web Site"
123.1203.0:<2018/5/28, 13:14:5>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
121.749.0:<2018/5/28, 13:14:5>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): C:\Windows\SystemData\CEP\ADPolicyProvider_CEP_Kerberos
122.3064.0:<2018/5/28, 13:14:5>: 0x80041002 (-2147217406)
122.2575.0:<2018/5/28, 13:14:5>: 0x80041002 (-2147217406): ApplicationPool.Name="WSEnrollmentPolicyServer"
122.3064.0:<2018/5/28, 13:14:5>: 0x80041002 (-2147217406) -
joako537 11 Reputation points
2021-03-26T12:43:23.463+00:00 Also found that thread and the servers aren't using work folders
this is the latest error on certocm.log
402.478.948: Begin: 3/24/2021 9:19 AM 03.214s
402.483.0: wsmprovhost.exe
402.491.0: GMT - 4.00
104.138.0: certca.dll: 10.0.14393.3053 retail
104.138.0: certocm.dll: 10.0.14393.3053 retail
437.633.0:<2021/3/24, 9:19:03>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): CADescription
437.633.0:<2021/3/24, 9:19:03>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): ParentCAName
437.633.0:<2021/3/24, 9:19:03>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): CADescription
437.633.0:<2021/3/24, 9:19:03>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): ParentCAName
437.633.0:<2021/3/24, 9:19:03>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): CADescription
437.633.0:<2021/3/24, 9:19:03>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): ParentCAName
122.3064.0:<2021/3/24, 9:19:04>: 0x80041002 (-2147217406)
122.2575.0:<2021/3/24, 9:19:04>: 0x80041002 (-2147217406): ApplicationPool.Name="WSEnrollmentServer"
402.326.949: End: 3/24/2021 10:11 AM 00.798s -
Fan Fan 15,291 Reputation points Microsoft Vendor
2021-03-25T01:55:40.203+00:00 Hi,
First of all, you must be a member of either Enterprise Admins or Domain Admins in the forest root domain in order to install an Enterprise CA.Or you can check if the same issue as the following one:
https://social.technet.microsoft.com/Forums/Windows/en-US/fc51410d-46db-4df9-a9c8-b67af4eea888/active-directory-certificate-services-post-config-issue?forum=winserversecurityIf still can't find the reason, you can check out the c:\windows\certocm.log file. It will give you details on what went wrong .
Best Regards,