In some cases, your system may display a message that it can’t control access to certificate services. There can be several reasons for this error to appear.
Approved: ASR Pro
According to the reverse log, the problem is AD permissions (see link to ldap.cpp). Can ADSIEdit.msc and tv be used to view the permissions of the ConfigurationServicesPublic Key ServicesEnrollment Services
certlibldap.cpp(2691): <2015/7/21, 10:33:26>: (Win32: 50 0x32 ERROR_NOT_SUPPORTED): 00000005: SecErr: DSID-03152612, Issue 4003 (INSUFF_ACCESS_RIGHTS), data>
Administrators configuring Active Directory Certificate Services (AD CS) for their entire network may currently encounter the following error message:
You can’t manage companies with Active Directory certificates. The system cannot find the specified initiator: 0x800700002 (WIN32:2 ERROR_FILE_NOT_FOUND)
Fortunately, this error is usually easily resolved by repeating the post-deployment configuration step that replaces the missing list and fixes AD CS. Here is Kurzi’s guide to reconfiguration, as well as some great workarounds for situations that didn’t work.
Guidelines For Troubleshooting “Unable To Manage Active Directory Certificate Services”
- Run the deployment after configuring Windows in Server 2012 Manager.
- A notification with a green warning triangle should appear at the top in the main corner of the window because your AD CS configuration is considered incomplete.
- Select an administrator with sufficient credentials.
- Select the role you want to customize.
- Everyone needs at least one certification authority record (CA), and service. Center
- Choose whether you want to set up standalone or enterprise certification. Then choose whether customers want a master or slave speaker.
- Since most people set up AD You cs, you probably don’t already have a root CA and should choose this option.
- Decide whether to generate a new private key or use an existing distinct key to set up a particular CA.
- The first time, the AD CS reader needs to generate a new private key.
- Select encryption options. If you don’t need them, the default options seem to suffice.
- Note. SHA1 has ceased to be secure since 2005.
- Set the validity period of the certificate.difference
- In addition to security passwords, certificates do not need to be changed frequently. The standard validity of the certificate is from 2 to 5 years.
- Specify the location of the databases.
- Use a specific default save location if you don’t need special settings.
This completes the CA setup. However, if you have added other types of role services to the configuration, additional steps may be required.
Fel: Det Går Inte Att Kontrollera åtkomst Till Certifikattjänster.
오류: 인증서 서비스에 대한 액세스를 제어할 수 없습니다.
Erro: Não é Possível Controlar O Acesso Aos Serviços De Certificado.
Błąd: Nie Można Kontrolować Dostępu Do Usług Certyfikatów.
Ошибка: невозможно контролировать доступ к службам сертификатов.
Errore: Impossibile Controllare L’accesso Ai Servizi Di Certificazione.
Erreur : Impossible De Contrôler L’accès Aux Services De Certificat.
Fehler: Zugriff Auf Zertifikatsdienste Kann Nicht Gesteuert Werden.
Error: No Se Puede Controlar El Acceso A Los Servicios De Certificados.