Skip Links

Network World

Tyson Kopczynski

Windows Server 2008 Certificate Services web enrollment pages does not support V3 templates

By tyson.kopczynski on Tue, 10/07/08 - 10:05am.
Newsletter Signup

Here is a little tidbit that I've been meaning to post for some time now (sorry the move kinda had me side tracked).  Anyhow, I was working with MS support on a Windows Server 2003 certificate template issue.  To show the escalation engineer that the issue was reproducible, I replicated (or at least thought I replicated the issue just before leaving for Japan) using a 2008 based CA within my home lab.

In short, the issue that was occurring was only with newly created custom certificate templates.  After creating the template and assigning to a CA, the web enrollment pages were in turn never/not showing the certificate template.  However, after showing this to the engineer, he stated this was actually by design in Windows Server 2008.

Say what!

Yeah, yeah... this was basically not documented (kinda) until very recently.  In short, the 2008 version of the web enrollment pages are still using the old version of the scrdenrl.dll (Smart Card Enrollment control).  Considering that this control is being phased out, it was not updated to support V3 templates.

So... for those of you trying to make a V3 template work with the 2008 web enrollment pages... stop!  :>)

Solution

0

You can use the Webenrlserver dll in place of scrdenrol dll
all the functions and interface is the same

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Welcome, visitor. Register Log in
About Hidden Microsoft

With more than ten years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Information Assurance, Windows automation, PKI, and IT security practices. Tyson is also the founding author of the Windows PowerShell Unleashed series and has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2006 Unleashed and Microsoft Windows Server 2008 Unleashed. He has also written many detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson works with and provides feedback for next generation Microsoft technologies since their inception and has also played a key role in expanding the automation and security practices at CCO. Tyson also holds such certifications as the Certified Information Systems Security Professional (CISSP), the SANS Security Essentials Certification (GSEC) and SANS Certified Incident Handler (GCIH), and the MCTS (Application Platform, Active Directory, and Network Infrastructure).


Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • SANS Security Essentials Certification (GSEC)
  • SANS Certified Incident Handler (GCIH)
  • MCTS (Application Platform, Active Directory, and Network Infrastructure)
  • Microsoft Certified Systems Engineer (MCSE) Security
  • CompTIA Security+

Publications:


Other Stuff:

  • Blogger NetworkWorld.com from June 2007
  • GIAC Advisory Board from 2009
  • SANS GSEC Local Mentor (a long time ago)
  • CompTIA Security+ SME (a long time ago)
  • Judge, Imagine Cup 2005 Int'l IT Competition
  • Judge, Imagine Cup 2007 Int'l IT Competition