Certificate Authority does not show Templates

3

No templates are shown in the Template folder of the Certificate Authority.

In the Certificate Templates (certtmpl.msc) are Templates shown.

Running certutil -CATemplates returns 0x80070490 (WIN32: 1168 ERROR_NOT_FOUND) CertUtil: Element not found.

Restarting the service did not help

Sreenshot of CN=OID shows the following result

enter image description here

There are also no entries under CN:Enrollment Services

enter image description here

windows-server-2012-r2
certificate-authority
asked on Server Fault Nov 17, 2018 by Mister 832 • edited Nov 18, 2018 by Mister 832

2 Answers

5

It looks like that your templates are ok and OIDs are ok as well.

Try to restart certificate service (certsvc) on new CA and check if templates are loaded. If this doesn't help, then stop certsvc on CA, then remove templates in CA record under CN=Enrollment Services, CN=Public Key Services, CN=Services,{configurationNamingContext}. Open CA record, navigate to certificateTemplates attribute:

  1. record a list of certificate templates you see them (just write somewhere).
  2. clear list by removing all entries from this attribute.
  3. Open Certification Authority MMC snap-in (certsrv.msc), start certsvc and try to add templates manually from the record you made in step 1.
answered on Server Fault Nov 17, 2018 by Crypt32
0

I had similar issues and the above helped solve it. When I checked permissions of each template, I found that these did not have Enterprise Admins and Domain Admins on all of them.

so deleted them all from ADSIEDIT.msc The ran certutil -installdefaulttemplates from the certificate server to recreate the default certificate templates. If you have any custom certificates, you might want to check and just add permissions to them instead.

answered on Server Fault May 22, 2019 by Tony

User contributions licensed under CC BY-SA 3.0