Help and Support
 

powered byLive Search

"The certificate request failed because of one of the following conditions" error message when you request a certificate in ISA Server 2004

View products that this article applies to.
Article ID:833704
Last Review:January 15, 2005
Revision:2.2

SYMPTOMS

When you request a certificate for your Microsoft Internet Security and Acceleration (ISA) Server 2004 computer by using the Microsoft Management Console (MMC) Certificates snap-in on the ISA Server computer, you receive the following error message:
The certificate request failed because of one of the following conditions:
- the certificate request was submitted to a Certification Authority (CA) that is not started.
- You do not have the permissions to request certificates from the available CAs.
This issue occurs even after you verify that the Certification Authority is started and that you have sufficient permissions to request a certificate.

Back to the top

CAUSE

This issue occurs because, by default, ISA Server enforces strict remote procedure call (RPC) compliance on all firewall rules. To request a certificate for the ISA Server computer, you must modify the firewall policy. This is the expected behavior in ISA Server 2004.

Back to the top

RESOLUTION

To resolve this issue, modify the system policy in ISA Server 2004 to permit DCOM network traffic from the ISA Server computer to the certification authority. To do this, follow these steps:
1.Start the ISA Server Management tool.
2.Expand the ServerName node, where ServerName is the name of your ISA Server 2004 computer, and then click Firewall Policy.
3.In the right pane, click the Tasks tab, and then click Edit System Policy.
4.Under Authentication Services, click Active Directory.
5.Click to clear the Enforce strict RPC compliance check box, and then click OK.
6.Click Apply to save your changes and to update firewall policy.

Back to the top

MORE INFORMATION

To request a certificate for the ISA Server computer, click to clear the Enforce strict RPC compliance check box in the System Policy Editor dialog box. However, to request a certificate for a client computer when the client computer and the Certification Authority are on different networks, you do not have to modify the system policy on the ISA Server computer. In this scenario, you must modify the strict RPC-compliance settings for the rule or rules that permit traffic between the two networks. To do this, follow these steps:
1.Start the ISA Server Management tool.
2.Expand the ServerName node, and then click Firewall Policy.
3.Right-click the rule that permits traffic between the network where the Certification Authority resides and the network where the client computer resides.
4.Click Configure RPC Protocol.
5.Click to clear the Enforce strict RPC compliance check box, and then click OK.
6.Repeat steps 3 through 5 to modify system policy rules and to permit DCOM communications between any other rules that are between two particular networks.
7.When you have finished modifying policy rules, click Apply.

Back to the top

APPLIES TO
Microsoft Internet Security and Acceleration Server 2004 Standard Edition

Back to the top

Keywords: 
kberrmsg kbprb KB833704

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.