I have an enterprise certificate authority running on a Windows Server 2012 R2 member server. The web interface for the CA has recently started popping up an error each time I go to request a certificate:
"No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory".
The CA is still able to issue certs, requesting a certificate through the MMC on a PC works.
I have, obviously, googled the error and have found some possibilities and tried out the advice that I've found. So far I've:
1) Created a new application pool and made sure that the application pool identity for the website is NetworkService instead of ApplicationPoolIdentity
2) Checked that the site has Windows authentication enabled and all other authentication types disabled
3) Checked that the sServerConfig entry in CertDat.inc matches the DnsHostName entry in the pkiEnrollmentService (it does)
4) Checked the permissions on the certificate templates
5) Updated the server
6) Rebooted the server
All to no avail. I've tried with my user account which has domain admin access and with the domain Administrator account which has enterprise admin rights.
I've checked the event logs. Every so often, an entry appears saying:
The "Windows default" Policy Module logged the following warning: The Active Directory Connection to local.domain.controller.fqdn has been reestablished to local.domain.controller.fqdn
but I don't think that's pertinent to anything.
I'm not sure what else to try, does anyone have any suggestions?
Many thanks