Not sure if this is the right place for this, but here goes. Upgraded a domain to 2008 R2. Migrated certificate services to 2008 R2 Enterprise root on a member server. Autoenrollment works fine Requesting cert from the MMC using certificates snapin works fine Requesting a cert via the web https://servername/certsrv gets the following error; Active Directory Certificate Services denied request 12345 because the request subject name is invalid or too long 0x80094001 (-2146877439) Error constructing or publiching certificate. I created a new cert template and did NOT check use Active Directory for subject name as templates with this checked do not show up in the web enrollment interface. I have enabled this template for enrollment and gave users rights to enroll. They are clicking advanced in the web interface as they want a computer cert. For the subject name, they enter computername.domain.local Based on searches I've done on the InterWeb, permissions APPEAR to be correct. Again, Autoenroll and MMC work just fine. Appears to be confined to only web.

first, web enrollment does not offer templates with Windows 2008 type (version 3 templates). web enrollment shows only version 1 and 2 templates (2000 and 2003 versions). so when you duplicated, you need to duplicate to Windows 2003 version in order to see the template in web enrollment. second, the web enrollment is deprecated, use MMC in win7/2008 instead. ondrej.

Hi Orville, I had a somewhat similar issue where web server template was missing from the web enrollment template drop down. Try Opening Internet Explorer with the run as admin option and browse to certificate server and see. Regards, Diffmeister

... They are clicking advanced in the web interface as they want a computer cert. For the subject name, they enter computername.domain.local ... Be aware that the web enrollment pages does not support computer certificates and you need to issue the certificate to the user and import it to the computer store /Hasain

... They are clicking advanced in the web interface as they want a computer cert. For the subject name, they enter computername.domain.local ... Be aware that the web enrollment pages does not support computer certificates and you need to issue the certificate to the user and import it to the computer store /Hasain

for a more elaborate answer, please refer to my previous answer in this forum: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/608abd37-9ebb-4409-a656-8b452317d04a o.

for a more elaborate answer, please refer to my previous answer in this forum: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/608abd37-9ebb-4409-a656-8b452317d04a o.

Thanks. We can use the MMC fine, so I will let him know that that is what we need to do.

So, The cert template IS a 2003 template. What I'm reading I guess is that web enrollment has been removed? We used to be able to request a computer cert via the web in 2003. I need to have a firm answer for the boss. Can a computer cert be issued via the web interface in 2008 R2 or is it only user certs?