I have a root CA that's not running on Server 2003 Standard. For reasons I wont go into, we can't upgrade this to Server 2003 Enterprise. I do however have a subbordinate CA that's runnong on Server 2008 standard which we CAN upgrade to Server 2008 Enterprise. My question is, if I do that, will I be able to issue certificates based on custom templates or does the root CA need to be at that functional level for any subbordinate CA's to be able to issue them?

Well I upgraded our subbordinate CA to enterprise over the weekend and I've just gone to try and request a certificate based on a custom template for our LYNC server and am still getting denied. Ac tual error message: Error: Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: Web Server plus Client Authentication.

this is because target template is not added to CA server. Open certsrv.msc console, swith to Certificate Templates node and add required templates.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki

The certificate template is definitely showing under certificate templates on the cert server. The only thing being that the subbordinate ca server is running enterprise whereas the root is not

OK I finally got the certificate to show up and then I couldn't issue it because my root CA's certificate was valid for less than a year. I renewed the root CA's cert and did the same with the sub CA so they both now have matching expiry dates on their certs just to make things easier. Now when I go to request the certificate from the lync server I just get 'denied by policy module', no error code or anything.

Hi, Thank you for sharing your solution. It can be useful to other community members who face similar problem. Regards Kevin