Unable to generate SSL cert to enable Form based auth
- From: m1r4cle_26@xxxxxxxxx
- To: exchangelist@xxxxxxxxxxxxx
- Date: Mon, 23 Aug 2004 05:45:29 -0600
Hello,
I have a problem of generating SSL cert for form based authentication.
My environment is as follows:
PC A --> acts as DC, domain=example.com
PC B --> where ms exchange 2003 and cert authority is installed,
configured to be the member of domain=example.com
I have tested OWA without form-based auth and now would like to enable
form based authentication. I followed the steps outlined in
http://www.msexchange.org/tutorials/Securing-Exchange-Server-2003-Outlook-Web-Access-Chapter5.html,
but I was unable to generate the SSL cert with the following error logged
in event viewer:
"Certificate Services denied request 4 because Access is denied.
0x80070005 (WIN32: 5). The request was for C=xx, S=xxx, L=xxx, O=xxx,
OU=xx, CN=xxx.xx.x. Additional information: Denied by Policy Module
I have googled and followed the instruction from this site:
http://support.microsoft.com/default.aspx?scid=kb;en-us;281271 but the
problem persists !
The only step I was unsure is from the instruction is:
"Set permissions on the applicable certificate templates to allow users in
the child domain to enroll. (NOTE: You must be logged onto the root domain
with domain administrator rights.).
I'm not sure which template's permission that I should modify and anyway,
I'm unable to set any modification to the permission (I have permission to
view only which is weird because I logged in as administrator !).
This is strange ! I was able to generate cert and have form-based
authentication working before. But a few days ago, I had to reinstall my
AD & exchange server due to AD crash. After that, I was unable to generate
ssl cert.
I really have no idea why ssl cert generation which was working before now
failed...Any idea guys how to trace the source of problem ?
Thanks !
Other related posts:
- » Unable to generate SSL cert to enable Form based auth
