Can't renew certificates
Hello,
I am running Server 2008 on a VM and I have three certificates that expire in two weeks. I have tried to renew them in mmc, but I get a permission error even though I am domain and enterprise admin. The error is as follows:
"The permissions on the certificate template do not allow the current user to enroll for this type of certificate. You do not have permission to request this type of certificate."
I have checked the template permissions on the domain controller and it's set to domain and enterprise admins full control.
What else can I try?
Jim Falcione
February 7th, 2012 10:57am
Consider the following:
1) Assign appropriate permissions (Read/Enroll/Autoenroll) to user accounts/groups for user templates.
2) Assign appropriate permissions (Read/Enroll/Autoenroll) to computer accounts/groups for computer templates.
3) Use only global and/or universal security groups. Try to avoid individual account usage in ACLs.
4) In order to enroll for a computer certificate, you must run a blank MMC console and add the Certificates snap-in. In the prompt window, switch to a computer account and process enrollment.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
February 7th, 2012 11:09am
I do seem to have all the right permissions to read/enroll/autoenroll but I still get the error. I am trying to renew under Certificates (Local Computer). My account is domain and enterprise admin, so I don't get it.
Jim Falcione
February 7th, 2012 11:30am
Which template are you using?
February 7th, 2012 11:45am
Not sure. It doesn't reference it in the error. I have checked the permissions of the whole templates folder in AD services. How do I figure out which template it's using? I'm not super well versed in certs.
Jim Falcione
February 7th, 2012 12:01pm
Ok, let's try to figure it out. For what reason do you need to renew the certificate? Where will you use it?
February 7th, 2012 12:03pm
I have 4 certs on this server which expire on 2/23. I have errors in the application event log that warned me of this. Event 64 cert serviceclient-autoenrollment is about to expire or has already expired. All the certs have server authentication as their intended purpose. Thanks for all your help with this.
Jim Falcione
February 7th, 2012 12:21pm
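An added example, not part of the original thread or any poster's code: the enrollment error does not name the template, so this lists the certificates in the Local Computer store that are close to expiry together with the template recorded in each one. The helper name `Get-TemplateInfo` and the 30-day window are assumptions made for the example.

```powershell
# Added example (not from the thread). Lists certificates in the Local Computer
# "Personal" store that expire soon, with the template each was issued from.
$days   = 30                              # look-ahead window; constructed value
$cutoff = (Get-Date).AddDays($days)

# Extensions in which a Microsoft CA records the template:
$templateOids = @(
    '1.3.6.1.4.1.311.21.7',   # Certificate Template Information (v2+ templates)
    '1.3.6.1.4.1.311.20.2'    # Certificate Template Name (v1 templates)
)

# Hypothetical helper: returns the decoded template extension, or a marker
# string when the certificate carries neither extension.
function Get-TemplateInfo($cert) {
    foreach ($ext in $cert.Extensions) {
        if ($templateOids -contains $ext.Oid.Value) {
            return $ext.Format($false)
        }
    }
    return '(no template extension)'
}

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.NotAfter -le $cutoff } |
    Sort-Object NotAfter |
    Select-Object Subject, Thumbprint, NotAfter,
        @{ Name = 'Template'; Expression = { Get-TemplateInfo $_ } } |
    Format-List
```

The template name it prints is the one whose permissions to check for the computer account, as in points 2 and 4 of the first reply.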


