Problem with installing Enterprise Subordinate CA

luk03

Hello!

I have a problem with installing ent subordinate CA in a domain where Enterprise Root CA is already installed. When using the wizard, the Enterprise type is greyed out. When running from PowerShell (Install-AdcsCertificationAuthority), I'm getting an error:

Install-AdcsCertificationAuthority : Active Directory Certificate Services setup failed with the following error: A value for the attribute was not in the acceptable range of values. 0x80072082 (WIN32: 8322 ERROR_DS_RANGE_CONSTRAINT)
At line:1 char:1
+ Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCA -C ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Install-AdcsCertificationAuthority], CertificationAuthoritySetupException
+ FullyQualifiedErrorId : SetCAProperties,Microsoft.CertificateServices.Deployment.Commands.CA.InstallADCSCertificationAuthority


Server is domain joined. I'm installing this role as domain Administrator (so I'm a member of Domain Admins and Enterprise Admins). When checking c:\windows\certocm.log, I can see (among others):

...

114.684.948: <2019/7/1, 11:26:05>: Begin: CCertSrvSetup::InitializeDefaults
437.633.0:<2019/7/1, 11:26:05>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): SetupStatus
109.7913.0:<2019/7/1, 11:26:05>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
437.633.0:<2019/7/1, 11:26:05>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): SetupStatus
109.7932.0:<2019/7/1, 11:26:05>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
437.633.0:<2019/7/1, 11:26:05>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): SetupStatus
109.7913.0:<2019/7/1, 11:26:05>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
401.1317.946: <2019/7/1, 11:26:05>: Opened Policy inf: C:\Windows\CAPolicy.inf
454.251.0:<2019/7/1, 11:26:05>: 0x80004005 (-2147467259 E_FAIL): AES-GMAC
454.251.0:<2019/7/1, 11:26:05>: 0x80004005 (-2147467259 E_FAIL): AES-CMAC
437.633.0:<2019/7/1, 11:26:05>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): LDAPFlags
437.633.0:<2019/7/1, 11:26:05>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): LDAPFlags
429.2778.0:<2019/7/1, 11:26:53>: 0x51 (WIN32: 81)
429.2778.0:<2019/7/1, 11:27:40>: 0x51 (WIN32: 81)
812.494.0:<2019/7/1, 11:27:40>: 0x8007003a (WIN32: 58 ERROR_BAD_NET_RESP)
429.1000.0:<2019/7/1, 11:27:40>: 0x8007003a (WIN32: 58 ERROR_BAD_NET_RESP)
429.3017.0:<2019/7/1, 11:27:40>: 0x8007003a (WIN32: 58 ERROR_BAD_NET_RESP)
109.883.1838: <2019/7/1, 11:27:40>: Enterprise CA option availability status: ENUM_ENTERPRISE_UNAVAIL_REASON_NO_INSTALL_RIGHTS
437.633.0:<2019/7/1, 11:27:40>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): ConfigurationDirectory
114.737.0:<2019/7/1, 11:27:40>: 0xe0000102 (INF: -536870654)
454.348.0:<2019/7/1, 11:27:41>: 0x80004005 (-2147467259 E_FAIL)
454.348.0:<2019/7/1, 11:27:41>: 0x80004005 (-2147467259 E_FAIL)

...

I don't know if this is important or has any influence, but the AD domain name has "_" (underscore) in the name, i.e. abc_example.uk

Thanks in advance for help!
