Tuesday, March 10, 2009

Native machine will not pull down computer certificate

Did you ever have a machine that just won't pull down the Computer certificate? You do everything you can think of and it just doesn't work. When you do a run>MMC.exe and add Certificates to the console then you can right click on personal certificates and request a cert. You might see this error

The certificate request failed because of one of the following conditions:-The request required an exchange certificate from a Certification Authority (CA) that is not started.-You do not have the permissions to request certificates from the available CAs.

if so then you might need to add the EnableDCOM entry to the machine with a value of Y

The EnableDCOM registry entry is located in the following registry subkey:

then restart the machine and wait for GPO to pull down the cert. The client should now be happy again.


See this other post on Certificate errors