Windows PKI blog

News and information for public key infrastructure (PKI) and Active Directory Certificate Services (AD CS) professionals

You cannot add V2 or V3 templates after an inplace upgrade was performed on a Windows Server 2008 enterprise CA

You cannot add V2 or V3 templates after an inplace upgrade was performed on a Windows Server 2008 enterprise CA

  • Comments 2
  • Likes

Technically, it is possible to install an enterprise CA on a Windows Server Standard edition. With this configuration, enterprise features of the certification authority are intentionally not available.

To enable the CA enterprise features, it is required to upgrade a Windows Server from Standard to Enterprise edition. To keep the existing enterprise CA configuration, it is recommended to just perform a Windows inplace upgrade. If you do this on a Windows Server 2008 you will recognize that only V1 certificate templates are available for assigning after the upgrade was performed.

To fix the problem, close the Certificate Services MMC snap-in and run the following commands with administrator permissions at a command-line on the CA computer:

certutil -setreg ca\setupstatus +512

net stop certsvc

net start certsvc

When you re-open the Certificate Services MMC snap-in, you are able to assign V1, V2 and V3 certificate templates to the certification authority.

[February 3, 2009 update] An official Microsoft Knowledgebase article is published under http://support.microsoft.com/kb/967332.

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment