Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
Certificate Services could not publish a Certificate for request 11 to the following location on server DC.PKI.DOM: CN=administrator,CN=Userver,DC=pki,DC=dom.
Insufficient access rights to perform the operation.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is a Certificate Authority?
What is the role of Certificate Service?
See WITP78286 for information about this event.
Microsoft article ME300532 is a good starting point. If you have already verified your CA is a member of the Cert Publishers group, the next step is to verify the Cert Publishers group has permissions on the user account it is trying to publish to. Specifically, the Cert Publishers group needs ''Read userCertificate'' and ''Write userCertificate'' permissions. In my case, the user account that the CA was trying to publish to was also a domain administrative account. In this case, the necessary permissions were being removed by the AdminSDHolder. If you need to publish certificates to accounts that are also administrative accounts, the steps in article ME281271 will need to be taken as well. Alternatively, you may remove the account from the administrative group in question and reset default permissions on the user account.
Windows 2000 Enterprise CAs are not automatically added to the Certificate Publishers group in a Windows Server 2003 domain. See ME300532 for more details.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated