Enterprise Root CA

By dirv9 ·
Hi! I'm setting up a vpn lab, and one of the computers is supposed to be the enterprise root ca. It's a member server. When I try to set up the ca, the enterprise part is greyed out. I did a google search, and an answer was to run adsiedit.msc with 19 steps to setup the public keys service. My question is, do I run this on the domain controller or on the member server I'm going to put the ca on? I tried the member server and received messages that the domain connection couldn't be found, another saying that the connection configuration couldn't be loaded, and one that says the schema coulsn't be loaded. I know I'm connected to the domain since I just joined the member server to the domain, and I pinged it. Any and all responses will be greatly appreciated. Thanks.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

More Info

by dirv9 In reply to Enterprise Root CA

Ok, I figured out how use the adsiedit.msc to connect to the DC, and this shows that the Public Key Services is there. Microsoft says that the reason the enterprise ca is greyed out is:This issue can occur if the Public Key Services container does not exist in the Active Directory directory service. For example, this issue can occur if the ADSIEdit tool (Adsiedit.msc) was used to delete the Public Key Services container. I never used the adsiedit tool before this, and it shows that the Public Key Services container does exist. So, why doesn't the install of the certificate authority show the enterprise ca? I should be able to install an enterprise ca on any server, right? It doesn't have to be DC does it? Thanks.

Collapse -


by dirv9 In reply to More Info

A google search finally gave me the answer. You have to log-in with an account that is a member of the enterprise admins and the administrator account of the local computer.

Related Discussions

Related Forums