Tuesday, March 10, 2009

Native machine will not pull down computer certificate

Did you ever have a machine that just won't pull down the Computer certificate? You do everything you can think of and it just doesn't work. If you run MMC.exe (Start > Run) and add the Certificates snap-in to the console, you can right-click Personal certificates and request a cert. You might see this error:

The certificate request failed because of one of the following conditions:
- The request required an exchange certificate from a Certification Authority (CA) that is not started.
- You do not have the permissions to request certificates from the available CAs.

If so, you might need to add the EnableDCOM entry to the machine with a value of Y.

The EnableDCOM registry entry is located in the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

Then restart the machine and wait for GPO to pull down the cert. The client should now be happy again.
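The check and the registry change described above, as an added PowerShell example (not part of the original post or the Microsoft KB article). It assumes an elevated prompt on the affected machine; the backup file name is a made-up placeholder.

```powershell
# Added example: audit EnableDCOM and set it to 'Y' only when it is missing or different.
# Run from an elevated PowerShell prompt on the affected client.
$key  = 'HKLM:\Software\Microsoft\Ole'
$name = 'EnableDCOM'

function Get-EnableDcom {
    # Returns the current value, or $null when the entry does not exist.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$name
}

$before = Get-EnableDcom
if ($before -eq 'Y') {
    # -eq is case-insensitive for strings, so 'y' also counts as enabled.
    Write-Output "EnableDCOM is already '$before'; no change needed."
    return
}

# Record what was there first: DCOM may have been switched off on purpose
# (for example by a hardening baseline), and that is worth knowing.
if ($null -eq $before) {
    Write-Output 'EnableDCOM entry is missing.'
} else {
    Write-Output "EnableDCOM is currently '$before'."
}

# Keep a copy of the key so the change can be reverted.
# The file name below is a hypothetical placeholder.
$backup = Join-Path $env:TEMP 'Ole-key-before-EnableDCOM.reg'
reg.exe export 'HKLM\Software\Microsoft\Ole' $backup /y | Out-Null
Write-Output "Backed up the Ole key to $backup"

# EnableDCOM is a string (REG_SZ) value; -Force overwrites an existing entry.
New-ItemProperty -Path $key -Name $name -PropertyType String -Value 'Y' -Force | Out-Null

$after = Get-EnableDcom
if ($after -ne 'Y') {
    throw "EnableDCOM is '$after' after the write; check permissions on the key."
}
Write-Output "EnableDCOM set to 'Y'. Restart the machine for the change to take effect."
```

If the value keeps reverting after a restart, a policy or hardening baseline is probably setting it, and the fix belongs there rather than on the individual client.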

http://support.microsoft.com/kb/929494

See this other post on Certificate errors
http://sms-hints-tricks.blogspot.com/2008/02/sccm-client-certificate-problems.html