[Exchange 2010] Error requesting certificate 0x80094801

Hello!

We are confronted with the following error while requesting a certificate (whatever the method, certreq or graphical):

Certificate Request Processor The request contains no certificate template information. 0x80094801 (-2146875391)

For diagnostics and troubleshooting, we have already performed the following:

  • Checked that templates are available for issuance : OK
  • Checked security (enroll rights) : OK

We tried several different certificate templates; all of them report the error.

For your information, there is an old CA that seems partially uninstalled (while requesting, a popup appears to select the CA to issue the certificate). The installed CA is on a Windows 2008 R2 DC.

I suppose that the CA information stored in Active Directory Configuration is stale or conflicting and that is the cause of the error.

I plan to do a cleanup. Any hints or ideas of certutil commands that could be useful in this situation?

July 15th, 2013 9:17am

Did you try to issue the certificate by using the Web console (by going to http://yourcaname/certsrv)? If you go there, you should choose to submit an advanced request, and then copy/paste the req file content. Also, you will be able to choose the certificate template (it should be Web Server or similar).
July 15th, 2013 11:29am

Hi

Also check this KB article

http://support.microsoft.com/kb/910249/en-us

To resolve this issue, use an alternative method to request certificates from an enterprise CA. For more information, visit the following Microsoft Web page: 

http://technet.microsoft.com/en-us/library/cc782583.aspx

The "Advanced Certificate Enrollment and Management" white paper describes various methods for requesting certificates from an enterprise CA. For example, you can request certificates by using the Web-based CA interface, by creating .inf files that contain certificate information, by using the Certreq.exe utility, and by using the Certutil.exe utility.

Cheers


July 16th, 2013 4:08am

Hello,

Thanks for the input!

I solved the problem by performing a cleanup in Active Directory with adsiedit and removing LDAP entries related to the old CA.

I then submitted the request using the certsrv web interface and it issued the certificate perfectly.

Thanks again.

August 6th, 2013 6:22am
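
The cleanup described in the last post targets CA objects left in the Active Directory Configuration partition. The following is an added example, not code from any participant in this thread: a read-only PowerShell inventory of the Public Key Services containers that lists every CA-related object and marks those that do not belong to the CA that should remain, so the entries can be reviewed before anything is removed with adsiedit. It assumes the ActiveDirectory module is available, and `EXAMPLE-ISSUING-CA` is a placeholder for the live CA's common name.

```powershell
# Read-only inventory of CA-related objects under CN=Public Key Services.
# Nothing is modified or deleted; the output is a review list for cleanup.
Import-Module ActiveDirectory

# Assumption: common name of the CA that must stay (placeholder value).
$LiveCA = 'EXAMPLE-ISSUING-CA'

$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# Containers where an uninstalled CA typically leaves objects behind.
$containers = 'Enrollment Services', 'Certification Authorities', 'AIA', 'CDP', 'KRA'

$report = foreach ($c in $containers) {
    Get-ADObject -SearchBase "CN=$c,$pkiBase" -SearchScope Subtree `
                 -LDAPFilter '(!(objectClass=container))' `
                 -Properties dNSHostName, certificateTemplates, whenChanged |
    ForEach-Object {
        $o = $_
        # Enrollment Services objects carry the CA host name; check that it resolves.
        $resolves = $null
        if ($o.dNSHostName) {
            try   { [void][System.Net.Dns]::GetHostEntry($o.dNSHostName); $resolves = $true }
            catch { $resolves = $false }
        }
        # Templates are only published on Enrollment Services objects.
        $templates = 0
        if ($o.certificateTemplates) { $templates = @($o.certificateTemplates).Count }

        New-Object PSObject -Property @{
            Container     = $c
            Name          = $o.Name
            CAHost        = $o.dNSHostName
            HostResolves  = $resolves
            TemplateCount = $templates
            WhenChanged   = $o.whenChanged
            MatchesLiveCA = ($o.Name -like "$LiveCA*")
            DN            = $o.DistinguishedName
        }
    }
}

# Full picture first, then only the distinguished names that need review.
$report | Sort-Object Container, Name |
    Format-Table Container, Name, CAHost, HostResolves, TemplateCount, MatchesLiveCA -AutoSize
$report | Where-Object { -not $_.MatchesLiveCA } | Select-Object -ExpandProperty DN
```

An Enrollment Services entry whose host no longer resolves, or whose template count is zero, is a likely leftover of the uninstalled CA and explains the CA selection popup mentioned in the first post.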

This topic is archived. No further replies will be accepted.
