Unified Authentication 3.0 certificate autoenrollment fails

Solution ID:    SO4705    Updated:    12/28/2015

Problem

Cannot add v2 (especially computer) certificate templates to default Domain Policy for autoenrollment
Autoenrollment for certificates issued with device certificates fails
Autoenrollment does not work; only manual enrollment works.

Cause

By default, the COM permissions are turned off and no users or computers are added to the list of permissions. This applies to autoenrollment only.

Solution

Change the default COM permissions for the device certificates by following the troubleshooting steps in chapter 12 of the Administration Guide (given below):

  1. Open the MMC on your Lifecycle Management Service machine.
     
  2. Select File > Add/Remove Snap-in. The Add/Remove Snap-in dialog box opens.
     
  3. Select the Component Services snap-in.
     
  4. Expand Component Services from the Computers node in the console tree pane.
     
  5. Right-click My Computer and select Properties.
     
  6. On the COM Security tab, click Edit Limits from the Launch and Activate Permissions area.
     
  7. Add Domain Users, Domain Computers (for device computer certificates) and Domain Controllers (for domain controller certificates).
     
  8. Check the Local Launch and Remote Activation permissions for Authenticated Users, Domain Computers, and Domain Controllers and click OK.
     
  9. Expand the My Computer node and the DCOM configuration.
     
  10. Right-click the vscertsrv node and select Properties.
     
  11. Click the Security tab, and then select Customize in the Launch and Activate Permissions area.
     
  12. Click Edit.
     
  13. Add Authenticated Users, Domain Computers, and Domain Controllers.
     
  14. Check the Local Launch and Remote Activation permissions for Authenticated Users, Domain Computers, and Domain Controllers and click OK.
     
  15. From the Administrative Tools Control Panel, restart the Symantec UA Certificate Handler service. 
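
The following read-only PowerShell check is an added example, not part of the original article or the Administration Guide. It lists which principals hold Local Launch and Remote Activation in the machine-wide launch limits and on the vscertsrv application. It assumes the AppID key's default value is "vscertsrv", the name shown under DCOM Config.

```powershell
# Added example: read-only audit of the DCOM launch/activation ACLs edited in steps 6-14.
# Assumption: the vscertsrv AppID key's default value is "vscertsrv" (the name DCOM Config shows).
$LocalLaunch      = 0x02   # COM_RIGHTS_EXECUTE_LOCAL
$RemoteActivation = 0x10   # COM_RIGHTS_ACTIVATE_REMOTE

function Get-ComLaunchAce {
    param([byte[]]$Descriptor, [string]$Source)
    if (-not $Descriptor) {
        Write-Warning "$Source : no explicit ACL stored, system defaults apply"
        return
    }
    # The registry value is a self-relative binary security descriptor.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Descriptor, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        try   { $name = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.SecurityIdentifier.Value }   # unresolvable SID: show it raw
        [pscustomobject]@{
            Source           = $Source
            Principal        = $name
            Type             = $ace.AceQualifier
            LocalLaunch      = [bool]($ace.AccessMask -band $LocalLaunch)
            RemoteActivation = [bool]($ace.AccessMask -band $RemoteActivation)
        }
    }
}

# Machine-wide limits (step 6, "Edit Limits")
$ole  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'
$rows = @(Get-ComLaunchAce -Descriptor $ole.MachineLaunchRestriction -Source 'Machine launch limits')

# Per-application ACL on vscertsrv (steps 10-14)
$app = Get-ChildItem 'HKLM:\SOFTWARE\Classes\AppID' -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValue('') -eq 'vscertsrv' } | Select-Object -First 1
if ($app) {
    $rows += @(Get-ComLaunchAce -Descriptor $app.GetValue('LaunchPermission') -Source 'vscertsrv')
} else {
    Write-Warning 'No AppID key named vscertsrv found; check the name shown under DCOM Config'
}

$rows | Format-Table -AutoSize
# Each group added in steps 7 and 13 should appear under both sources as
# AccessAllowed with LocalLaunch and RemoteActivation both True.
```

Run it from an elevated prompt on the Lifecycle Management Service machine, before and after the change, to confirm that only the intended groups gained Remote Activation.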

Legacy ID

vs36795
