Problem Generating a certificate request
I have a couple of Windows 2003 R2 SP2 servers hosting several instances of ADAM. I am using certreq to generate the certificate requests for these servers so I can use SSL in connecting to ADAM, but I am getting an error. This is the request.inf I am using (pretty much straight from an MS article...) to generate the request...
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=servername.childdomain.rootdomain.com" ; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 1024
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------------------------------
I am using this command:
certreq -new request.inf request.req
After hitting enter, it sits there for about 10 seconds and gives me this error back...
Certificate Request Processor: Access is denied. 0x80070005 (WIN32: 5)
[RequestAttributes]
I have searched on this error and have not found much of anything on it. This process seems to work fine on other servers that I have, but these two servers both generate this error. Both servers are clean builds and only have ADAM installed on them. I am a local admin on both servers so it doesn't appear that there should be any permission issues as implied by the error message.
Anyone have any ideas?
Thanks!
May 29th, 2008 10:47pm
Hello Bryan,
First of all, please make sure that the CA certificate is added to the Trusted Root certificate store on the servers. If certificate web enrollment is enabled, please check how a certificate request works on the two servers that generate the error.
Meanwhile, please verify the security permission on the MachineKeys directory:
1. Open Windows Explorer, and find the MachineKeys directory in the following location:
Drive:\Documents and Settings\all users\Application Data\Microsoft\Crypto\RSA\MachineKeys
2. Right-click the directory, and click Properties.
3. Click the Security tab, and ensure that the full control permission for the Administrators
How to: Change the Security Permissions for the MachineKeys Directory
http://msdn.microsoft.com/en-us/library/bb909654.aspx
Hope it helps.
May 30th, 2008 10:44am
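The permission check from the steps in the reply above, written as a script. This is an added example that is not part of the original thread. It assumes PowerShell 2.0 or later is installed on the server and defaults to the Windows Server 2003 path quoted in the reply (pass -Path to override).

```powershell
# Added example (not from the thread): audit the MachineKeys ACL for the
# Administrators entry the reply asks you to verify.
param(
    # Assumption: Windows Server 2003 layout, as in the path quoted in the reply.
    [string]$Path = (Join-Path $env:ALLUSERSPROFILE 'Application Data\Microsoft\Crypto\RSA\MachineKeys')
)

$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$full     = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$inhOnly  = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

$acl   = Get-Acl -Path $Path
# Explicit and inherited ACEs, identities as SIDs (independent of OS language).
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$allowFull = $false
$denied    = $false
foreach ($rule in $rules) {
    if ($rule.IdentityReference.Value -ne $adminSid) { continue }
    # Inherit-only ACEs apply to children, not to the directory itself.
    if (([int]$rule.PropagationFlags -band $inhOnly) -ne 0) { continue }
    if ($rule.AccessControlType -eq 'Deny') { $denied = $true }
    elseif (([int]$rule.FileSystemRights -band $full) -eq $full) { $allowFull = $true }
}

Write-Host "Directory : $Path"
Write-Host "Owner     : $($acl.Owner)"
Write-Host "Administrators Allow FullControl : $allowFull"
Write-Host "Administrators Deny entry present: $denied"

# Effective-access probe: a machine key set is stored as a file in this
# directory, so the account running certreq must be able to create one.
$probe = Join-Path $Path ("aclprobe-" + [Guid]::NewGuid().ToString() + ".tmp")
try {
    [System.IO.File]::WriteAllText($probe, 'probe')
    Remove-Item -Path $probe -Force
    Write-Host "Write probe: OK"
} catch {
    Write-Host "Write probe: FAILED - $($_.Exception.Message)"
}
```

Run it from the same account and session that runs certreq, so the write probe reflects the access that certreq actually gets.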
Thanks Miles. I will try it out and see if it helps.
June 2nd, 2008 5:50pm
Thanks Miles,
That worked perfectly for me :-)
Michael
June 2nd, 2011 3:32am


