"No certificate templates could be found. You do not have permissions to request a certificate from this CA..

Similar Messages

• "No certificate templates could be found..." error using web enrollment on Win2k8 R2 Enterprise SubCA

  Hi Folks,
  I have installed an online issuing CA running on Win2k8 R2 Enterprise, and installed the web enrollment role service on it.
  I have duplicated two computer certificate templates (computer & web server) on our DC's, modified them as Win2k3 templates, made some changes and saved them, then published them on the CA by selecting New -> Certificate Tempate
  to issue. The templates have read and enroll permissions set for domain admins and domain computers (my account is a domain admin). I can successfully enroll for them using the certificates MMC.
  When connecting to https://myca.mydomain.com/certsrv however, the page loads. I click on 'Request a certificate', then 'Create and submit a request to this CA'. I see a warning indicating that this website
  is attempting to perform a digital certificate operation on my behalf, so I click yes. Immediately after doing so, I get the error:
  "No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory."
  I have spent about 2 hours searching on this error and found at least 50 people complaining of this, but no real solutions. Here is what I have tried with no success:
  1) http://support.microsoft.com/kb/811418. Everyone references this solution, but it hasn't worked for anyone. The string values and cases are the same for me.
  2) Enabled SSL on the certsrv website.
  3) Set the authentication on the certsrv site to enable integrated authentication and disabled anonymous authentication.
  4) Created a separate application pool running under the Network Service then set the Certsrv application to run under it.
  I should note that this exact same condition occurred in my lab install, but rather than waste time trying to fix it in the lab, I just went ahead with the production install, only to experience the same problem, so apparently web enrollment is just
  broken out of the box on 2k8 R2 Enterprise.
  Does anyone have any idea how to get this working as advertised? Thanks for any help,
  Ian

  It appears to be an issue in Server 2012R2 as well.
  In our case, is a new two tier PKI setting is implemented on two Windows Servers 2012R2. After the installations and configurations are completed, I was unable to load certificate templates when requesting a certificate on the Web interface.
  The issue was that the pass-through authentication did not work in IIS with the standard Application Pool Identity.
  The solution was as followed:
  1. Changed the NTFS permissions on the certsrv virtual directory in IIS (C:\Windows\System32\CertSrv\en-US), by adding a (domain) user account with read and list permissions.
  2. In IIS CertSrv > Basic Settings > Connect as - select "Specific user:" and set the newly created user with the username and password.
  3. Tested in Basic Settings with - "Test Settings" button and both Authentication and Authorization were successful.
  4. Request certificate from Web interface and the templates are available.
  Note: You must have a certificate in the Templates store which you have duplicated from the Templates available.

• You do not have permissions to open the dashboard

  On a clean install of 2012 R2, I joined an existing domain and added the Essentials role.  After that, I configured it which took about 5 minutes.  At the end, it placed an icon on the desktop called "Dashboard".  It will not allow
  me to open this no matter what I try.  I get this error:
  Cannot open the Dashboard
  You do not have permissions to open the dashboard.  Please log on as a network administrator and try to open the dashboard again.
  I am using a domain admin account.  For laughs, I tried a couple accounts, but had no luck.
  The log at "C:\ProgramData\Microsoft\Windows Server\Logs\dashboard.log" shows "Dashboard.Forms: Dashboard: Non domain admin cannot access dashboard."
  Server Manager shows a green up arrow by Manageability for WSEE.
  BPA shows only one error about Windows Server Backup and unsupported partition, which from what I gather is to be ignored as a false alarm.
  Not sure what to do here.  Nothing seems to work.  Ideas?  Suggestions?

  Hi everyone!
  I went in and tried all of your solutions, but none worked.
  I have found the REAL solution to why this isn't working, and it should be corrected by Microsoft. 
  In the users profile, you can see the member of and primary group. 
  With my admin account, on Primary Group, I had "Domain Admins" as the group. It didn't work. I tried setting that to Enterprise Admins, and it worked and was able to get into dashboard. I set it back to Domain Admins, and it didn't work.
  I set it as Domain Users, and it worked. 
  As long as you have the user in Domain Admins group, and primary group set to either "Domain Users" or "Enterprise Admins" -- it will always work. The account does NOT need to be in the Enterprise Admins group, just be sure to keep the
  primary group on "Domain Users", and make sure it is in the "Domain Admins" group. 
  When the member above Lynn said they created a new account, it worked because ALL new user accounts are set to primary group of "Domain Users".
  When the other user Brian Hoyt had to remove ALL administrator groups, it removed the primary role from "Domain Admins" to "Domain Users" which then worked. Then he added ALL admin groups (you do NOT need Enterprise Admins group) but
  probably forgot to set the primary group, which is good and that is why it worked. When he copied the Admin account, the primary group always rolls over to the new account and is copied with it. When he removed all groups, he forgot to set back the primary
  group. 
  When Robert Pearman tried, he probably had the primary group set to something other than "Domain Admins" as well. 
  You don't want a Domain Admin (primary group) configuring your server. You want a domain user in Admin group (such as an employee to reset passwords), OR the Enterprise Admin (primary group)  to configure server applications, NOT a domain admin. So
  I do see why Microsoft had this set the way it is. 
  So basically, you can NOT have the primary group to "Domain Admins". It needs to be either "Domain Users" OR "Enterprise Admins". The account MUST be in the "Domain Admins" group. 
  I do believe Microsoft should fix this issue, because it could be a bug, but also could be so that Domain Admins (primary group) can't screw applications that should be maintained and configured by Enterprise Admins (primary group). 
  I have made a video showing the problem was fixed, and this is the solution!
  youtube.com\watch?v=bZoNc3RkBSw
  Thanks guys!

• After Exchange 2010 SP3 upgrade, UAG publised OWA is throwing a "You do not have permissions to view this folder or page" error

  Hi,
  We have an issue with our OWA page.  We are currently publishing OWA via UAG.
  We recently upgraded to Exchange 2010 SP3 and then SP3 Rollup7.  Since the upgrade, we are keep getting the following error after entering our credentials on the login page.  I've tried with every possible browser. 
  You do not have permissions to view this folder or page
  Strangely enough, the mobile phones are sending and receiving emails just fine, the phones use the same OWA link, so it's not an authentication issue, the phones login into the UAG servers with no issues.  I can see this on the Active Sessions screen
  on Web Monitor. 
  I've attempted to connect to the OWA by bypassing the UAG server, so putting in the local OWA address of one of my Exchange servers, it works... so the OWA page is up and running. 
  No error logs get generated on Web Monitor when we receive the permission error, I think this is because it's past authentication, it's on the Exchange layer. 
  Any insight would be helpful?  I'm assuming something changed on the Exchange side after the upgrade.
  Just in case, I've upgraded the UAG and TMG servers to the latest SP and Rollup packets.
  UAG > SP4
  TMG > SP2 Rollup 5

  I've found a solution; UAG requires Basic Authentication over OWA.  For some reason Integrated Windows Authentication got turned on after the SP3 upgrade.
  http://technet.microsoft.com/en-us/library/ee921443.aspx
  Turning Integrated Windows Authentication off via the Client Access OWA settings resolved the issue.  Though beware, you
  have do this on all your Client Access servers.  

• PPS Error in "IBIMonitoringAuthoring " You do not have permissions to create a data source in this document library.

  Hi,
  I am trying to use "IBIMonitoringAuthoring" in my local web site.
  But i am getting error like "Server was unable to process request. ---> You do not have permissions to create a data source in this document library.  Additional details have been logged for your administrator."
  My code is below,
   string url = ServerName + webServiceUrl;
          IBIMonitoringAuthoring biService = BIMonitoringAuthoringServiceProxy.CreateInstance(url);
          //Create data source object
          DataSource dataCube = new DataSource("AW_Data_Cube");
          dataCube.Name.Text = "AW_Data_Cube";
          dataCube.ServerName = "SQL2008dev";
          dataCube.DatabaseName = "Analysis Services Project1";
          dataCube.CubeName = "TestCube";
          dataCube.ConnectionContext = ConnectionContext.ConnectAsSharedUser;
          dataCube.FormattingDimensionName = "Measures";
          dataCube.MinutesToCache = 10;
          dataCube.CustomTimeIntelligenceSettings = "";
          biService.CreateDataSource(connectionListUrl, dataCube);
  How could i authenticate the Service. Is there any way to pass credentials for this method?
  Thanks & Regards
  Poomani Sankaran

  I suffered similar issue in Infopath, and i finally solved the issue by changing the data connection URL, it should the same as the Infopath publish location.
  for example: SP server iP 192.168.1.1 have two name, hostname is mySP, alternate assces mapping name is companySP, and you can access the websit by both
  http://mySP and
  http://companySP
  hope it can help someone..

• New-MsolUser : Access Denied. You do not have permissions to call this cmdlet.

  I am trying to create new user in Azure Active Directoy, 
  New-MsolUser -UserPrincipalName [email protected] -DisplayName "username" -FirstName "fname"  -LastName "lname"
  I am getting this error,
  New-MsolUser : Access Denied. You do not have permissions to call this cmdlet.
  Can anyone suggest what could be the problem?

  Hi Shankar,
  The error "New-MsolUser : Access Denied. You do not have permissions to call this cmdlet" when trying to use the cmdlet indicates you might have to check if you have the appropriate admin role.
  You could refer the following link for details on various types of Admin Roles in Windows Azure Active Directory.
  https://support.office.com/en-US/Article/Assigning-admin-roles-eac4d046-1afd-4f1a-85fc-8219c79e1504?ui=en-US&rs=en-US&ad=US
  Also, you could refer the following link for assistance with using PowerShell to create bulk users for Office365.
  http://blogs.technet.com/b/heyscriptingguy/archive/2014/08/04/use-powershell-to-create-bulk-users-for-office-365.aspx
  Regards,Malar.

• Login failed, or you do not have permissions to login to this application.

  Dear All,
  I have installed Workflow server, Form manager and Workflow Designer on my Windows server 2003 machine and in the same order as written above.I am able to access Workflow server and form manager through webui but when i log in to Workflow designer, an error message is displayed-"Login failed, or you do not have permissions to login to this application."
  Can Anyone help.Thanks in advance.
  Anupam

  Thanks Howard,
  As told by you i did exactly that you mentioned and i am getting the following error:-
  java.lang.reflect.UndeclaredThrowableException
  at $Proxy1.login(Unknown Source)
  at com.adobe.workflow.client.QLCSessionImpl.login(QLCSessionImpl.java:11
  6)
  at com.adobe.workflow.saf.SAFLoginDialog$3.run(SAFLoginDialog.java:122)
  Caused by: java.io.InvalidObjectException: inauthentic principal assertion
  at com.adobe.idp.Context.getValidatedAuthResultFromAssertion(Context.jav
  a:291)
  at com.adobe.idp.Context.readResolve(Context.java:246)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at java.io.ObjectStreamClass.invokeReadResolve(Unknown Source)
  at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
  at java.io.ObjectInputStream.readObject0(Unknown Source)
  at java.io.ObjectInputStream.readObject(Unknown Source)
  at java.rmi.MarshalledObject.get(Unknown Source)
  at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvo
  kerProxy.java:136)
  at org.jboss.invocation.MarshallingInvokerInterceptor.invoke(Marshalling
  InvokerInterceptor.java:67)
  at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.
  java:46)
  at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:5
  3)
  at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessi
  onInterceptor.java:100)
  at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
  ... 3 more
  com.adobe.workflow.client.QLCException: Login failed, or you do not have permiss
  ions to login to this application
  at com.adobe.workflow.client.QLCSessionImpl.login(QLCSessionImpl.java:12
  6)
  at com.adobe.workflow.saf.SAFLoginDialog$3.run(SAFLoginDialog.java:122)
  I am using WorkFlow Designer 7.0, Workflow server 7.0 and Form Manager 7.0.1.
  What could be the possible solution for the above mentioned error.Any help would be highly appreciated.
  Thanks,
  Anupam

• 'You do not have permissions for this item' - MATERIAL SPECIFICATION

  Dear members,
  I am trying to access a Material Spec but I am persistently presented with the following message: "'You do not have permissions for this item'".
  Funnily, I was previously able to access the specifications but now I am presented with this.
  I have the same issue with LIO Profiles.
  Does anybody have a known solution for this?
  Kind regards,

  This usually occurs when you do not have Read permission according to the workflow status of the specification. Different permissions can be set up for different statuses in WFA (WorkFlow) Administration.
  Also, if you are using the Business Units as Security feature (rather than just BU visibility), you could get this message. In this case, you should not be able to see this spec in a search result though, so if you can see it in the material spec search page results, it isn't a BU issue, it is a workflow read permission issue.
  There is one additional possibility, which is if your team has implemented the SpecVetoHandler extensibility point, which allows for added custom read permission checks. This is a technical extensibility point configured in the CustomPluginExtensions.xml config.
  But most likely, it is a workflow permissions issue. You'll have to ask your workflow adminitrator user(s).
  Regards
  Ron

• Error:This page contains content of "application/x-java-applet" type. You do not have the plug-in required to view this content.

  Hi....i m using Mac OS x 10.5.8 with safari Version 5.0.2 (5533.18.5). I just updated the Java version to Java 6 and now m getting below error:
  This page contains content of “application/x-java-applet” type. You do not have the plug-in required to view this content.
  Please help me out on this....

  I am also having a problem with this. My website is hosted through "www.onlinepictureproof.com" and now that my laptop is back from repair with OS X 10.6.8 I am unable to upload my photos to my work website. It says "a plug-in is needed to display this content. Install plug-in" and then a window pops up that says "no suitable plug-ins were found".  Below that is "unknown plug-in (application/x-java-applet)" with a link to "manual install" which takes me to "http://www.oracle.com/technetwork/java/index-jsp-141438.html#download" which just leaves me lost. I've tried downloading the "JRE" but I have zero idea what that means or if Im downloading the proper thing. Once I click on the "download JRE" it brings me to a download page where there are WAY too many items for me to choose from to download, when I have no idea what I need or why I need it. please help, this is driving me insane. I actually preferred my constantly crashing laptop to the state its in now, "like brand new" back from apple repair...I have already updated everything that is promted through "Software Updates".
  "OnlinePictureProof.com" only directs me to apple support.
  Thank you for any help you can offer!
  Sheila

• After QT7.4, AE error-you do not have permissions to open this file (-54)

  Immediately after installing the QT 7.4 update, I have been unable to render (anything) in After Effects.
  I get an error: After Effects error: opening movie - you do not have permissions to open this file (-54)
  (44::53)
  I have repaired permissions, downloaded the Full QT 7.4 installer, reinstalled, repaired permissions again and still the same problem. Something has changed in QT that has made AE incompatible.
  Apple, please fix or offer some assistance on how to fix.
  The AE forums are also beginning to fill with everyone having this same issue after an update to QT 7.4
  My work has come to a halt. How do I fix this?
  I can't find any info on reverting back to QT 10.3.1

  "Apple, please fix or offer some assistance on how to fix."
  Apple does not read these postings. These are user to user forums whereas everyday folks post questions & offer help to each other.
  "How do I fix this?"
  Check out Klaus1 possible solution in the following thread:
  http://discussions.apple.com/thread.jspa?threadID=1343184&tstart=0
  "I can't find any info on reverting back to QT 10.3.1"
  You really mean 7.3.1 right?
  Do an archive and install of your OS from the OS disc. Stop at the QT upgrade you need.
  http://docs.info.apple.com/article.html?artnum=301270 Scroll down to "Archive and Install”

• You do not have permissions to open this file on Excel Services.

  Hi all,
  I am recieving this error:
  I have setup a trusted location to the document library where the Excel spreadsheet resides, and I still recieved the error.  I changed the location to the entire site and I still recieve the error.  I am the Sharepoint Admin, so I have full
  rights to all.
  I am on SharePoint 2007.
   I set the location as Http://sitename/document Library name
  Location type = Windows SP Services
  Checked trust Children
  there are no extrernal connections so I took the defaults for all other options.
  Any help would be greatly appreciated.
  TIA,
  Joe

  Hi,
  I understand that when you try to open an excel file in browser, you received Access Denied error.  You can check the excel service settings in Central Administration like this :
  Open Central Administration -> go to Operations tab. Ensure that the Excel Service is running
  Open Central Administration -> go to your configured Shared Service -> click Excel Service Settings. Set  File Access Method:  ensure that it is not using Impersonation, instead the Option Process Account should be enabled.
  Open Central Administration -> go to your configured Shared Service -> click add new trusted file location.
  field URL: here you can specify a report library or the whole portal
  Location Type: should be Windows SharePoint Services
  Children trusted: defines whether the children should also be trusted or only the defined path
  For more information, please refer to this site:
  MOSS Excel Services you do not have permissions to open this file:
  http://developers.de/blogs/nadine_storandt/archive/2007/09/06/moss-excel-services-you-do-not-have-permissions-to-view-this-workbook.aspx
  Thanks,
  Entan Ming
  TechNet Subscriber Support in forum
  If you have any feedback on our support, please [email protected]
  Entan Ming
  TechNet Community Support

• Windows Server 2012 R2 Fax Service - Windows 7 Client "You do not have permissions to complete this operation. Contact your fax administrator for more assistance"

  First I have tried all sorts of searches and and all I come up with is things related to Windows Server 2008.
  1. I have Fax Service running on my 2012 R2 File and Print Server.
  a. It can send faxes from the logged in domain user
  b. It does not need to receive faxes because we have another machine for that
  2. I have added the domain user I am using on the Windows 7 machine to the Accounts List in Fax Manager
  3. I can not seem to find any logging saying that there is a security problem (Event Log, etc...)
  Please point me in the correct direction as I need to have my staff use Print to Fax from our Practice Management Application.

  Hi Shawn,
  à
  You do not have permissions to complete this operation. Contact your fax administrator for more assistance
  From the error message, please check if share the Fax on the server. Meanwhile, please also check if assign
  correct permissions in Security tab under Fax properties.
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu
  1. Fax Sharing is enabled and can see the Shared Fax Printer on other machines.
  2. At least 2 domain groups that the Windows 7 user is in are in the Security Section, set to be able to fax. One othem can manage fax.

• "You do not have permissions to create an Assigned Conference."

  Can someone tell me what permissions a user needs to create an assigned conference?  My account has full permissions to do everything (I thought) in Lync yet when I and others try to set up a conference, we get the below error:
  Assigned Conference Information
  Give your Assigned Conference information to people you want to invite to your meeting.
  You do not have permissions to create an Assigned Conference.
  Rich

  Hi,
  Have you checked the value of EnableAssignedConferenceType using Get-CsMeetingConfiguration?
  Here is similar case for your reference:
  http://social.technet.microsoft.com/Forums/en-US/ocsconferencing/thread/366030f2-d461-41bd-860d-a4dee9511400
  Kent Huang
  TechNet Community Support

• You do not have permissions to access a database that contains data required for this form to function correctly.

  I have dropdown on infopath form , and it receives data from sql server table ,  it works fine when i am running in preview mode , but when i am publishing form to sharepoint server and loading that form
  i am getting this
  You do not have permissions to access a database that contains data required for this form to function correctly.
  Can you please help?
  Thanks,

  try this one, if not yet
  Convert the data connection to UDC (store it in a Data Connection Library within the same site collection as the form library).  See if this works without any other changes, but if not, then...
  Manually edit your UDC file in Notepad (or your preferred editor) so that the authentication line is not commented out and so that it references the name of the SSO target app you created. 
  For Type, use NTLM.
  Ensure the user has rights to access the database
  Also ensure the connection file has been approved - A sharepoint admin can access a non approved Ucdx file. Go to the connection library and approve the file
  Also check this post having the similar issue:
  http://social.technet.microsoft.com/Forums/en-US/3196bafd-4bc3-40ab-ac2b-d149d1c3e0fa/sharepoint-2010-error-you-do-not-have-permissions-to-access-a-database?forum=sharepointdevelopmentprevious
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• Scheduling Assistant shows "You do not have permissions to see the recipient's free busy" Exchange 2010

  Setup:
  Exchange Server 2010 Sp2
  Servers running individual roles (2xMailbox, 2xCAS, 2xHub, 2xEdge) All windows server ent 2008 R2
  I can see the calendar content if i open Room Mailbox using the 'Open Calendar' from the menu but the scheduling assistant while
  creating a new meeting invite gives 'You do not have permissions to see the recipient's free busy' error code 5037
  Permission on the conference room is below.
  [PS] C:\Windows\system32>Get-MailboxFolderPermission -id Testconfroom1:\calendar
  RunspaceId   : bbb43bc9-a0c5-4c23-b5f5-b7235f795e26
  FolderName   : Calendar
  User         : Default
  AccessRights : {ReadItems, EditOwnedItems, FolderVisible}
  Identity     : Default
  IsValid      : True
  RunspaceId   : bbb43bc9-a0c5-4c23-b5f5-b7235f795e26
  FolderName   : Calendar
  User         : Anonymous
  AccessRights : {FolderVisible}
  Identity     : Anonymous
  IsValid      : True
  Appreciate any help to fix the above.
  Inderjit

  Hi Inderjit,
  Does this issue occur on only one user or all users?
  If only one user has this issue, I suggest performing troubleshooting on Outlook client first.
  1. Please run Outlook under safe mode to avoid some AVs and add-ins.
  2. Please start Outlook with "outlook.exe /cleanfreebusy".
  3. Please try to re-create profile to refresh the caches.
  Then please perform troubleshooting on Exchange server side.
  1. This issue may occured due to mailbox corruption in the folder level.
  2. Genrally we can check the mailbox property PR_FreeBUsy_NT_SECURITY_DESCRIPTOR and verify the permission.
  3. I suggest re-granding the specific user permission for testing.
  4. I suggest moving the sepcific user's mailbox to another database, issues will solved by itself automatically.
  If all users have this issue, I suggest resetting the permission on Calendar folder and give the necessary permissions (Free Busy Time/ Free Busy Details /Full Details) via Exfolders.
  Refer to :
  http://gallery.technet.microsoft.com/Exchange-2010-SP1-ExFolders-e6bfd405
  Hope it is helpful
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support