Citrix FAS Certificate Deployment Failed
Issue: We deployed the three certificates using the FAS console, and we were able to view and access them in the Certificate Authority console. Due to a misconfiguration, we deleted those three certificates from the certificate authority. When we tried to redeploy the certs on our certificate authority server, we got the error below:
System.Runtime.InteropServices.COMException (0x80072071): CertEnroll::CX509CertificateTemplateADWritable::Commit: An attempt was made to add an object to the directory with a name that is already in use. 0x80072071 (WIN32: 8305 ERROR_DS_OBJ_STRING_NAME_EXISTS)
On the CA server, the following warning is logged:
Active Directory Certificate Services denied request 2 because The requested certificate template is not supported by this CA. 0x80094800 (-2146875392 CERTSRV_E_UNSUPPORTED_CERT_TYPE). The request was for DC=Citrix_RegistrationAuthority_ManualAuthorization. Additional information: Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: Citrix_RegistrationAuthority_ManualAuthorization.
We were not able to find the certificate templates anywhere on the CA server, either in the GUI or with PowerShell.
Solution:
- Log in to any of your domain controllers and open ADSI Edit.
- Right-click ADSI Edit and select the “Connect to” option.
- In the Connection Settings dialog box, under “Select a well known Naming Context”, click the dropdown, select the Configuration option and click OK. Expand “CN=Configuration, DC=domain, DC=com”, and then expand “CN=Services”.
- Next, select “CN=Public Key Services” and then expand “CN=Certificate Templates”.

Here, you should find all three Citrix templates. Provide full access to Authenticated Users, or delete them as per your requirement.
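The same container can be inspected from PowerShell instead of ADSI Edit. The script below is an added example, not part of the original post: it lists the leftover template objects and shows which principals hold write-level rights on them, so the permissions can be checked before and after the change. It assumes the ActiveDirectory (RSAT) module is installed and that the three FAS templates share the `Citrix_` name prefix seen in the CA warning.

```powershell
# Added example: list leftover Citrix FAS template objects in AD and review their ACLs.
# Assumes the ActiveDirectory (RSAT) module and read access to the Configuration partition.
Import-Module ActiveDirectory

# Same container the ADSI Edit steps navigate to, built from the forest's Configuration NC.
$configNC  = (Get-ADRootDSE).configurationNamingContext
$container = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

# Assumption: all three FAS templates start with 'Citrix_'.
$templates = Get-ADObject -SearchBase $container -SearchScope OneLevel `
    -Filter "Name -like 'Citrix_*'" `
    -Properties whenCreated, whenChanged, nTSecurityDescriptor

if (-not $templates) {
    Write-Output "No Citrix_* template objects found under $container"
    return
}

# Atomic rights that allow modifying or taking over a template object.
# (GenericAll contains all three, so full-control ACEs are matched as well.)
$writeBits = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, WriteDacl, WriteOwner'

$report = foreach ($t in $templates) {
    Write-Host ("{0}  created {1:u}  changed {2:u}" -f $t.Name, $t.whenCreated, $t.whenChanged)

    # Explicit and inherited ACEs, with SIDs translated to account names.
    $aces = $t.nTSecurityDescriptor.GetAccessRules($true, $true,
        [System.Security.Principal.NTAccount])

    foreach ($ace in $aces) {
        $isAllow  = $ace.AccessControlType -eq 'Allow'
        $canWrite = [int]($ace.ActiveDirectoryRights -band $writeBits) -ne 0
        if ($isAllow -and $canWrite) {
            [pscustomobject]@{
                Template  = $t.Name
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.ActiveDirectoryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Who can change each template. Broad groups here deserve a second look.
$report | Sort-Object Template, Identity | Format-Table -AutoSize -Wrap

# To preview removal of a stale object without changing anything:
# $templates | Remove-ADObject -WhatIf
```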