Sleepw4lker / TameMyCerts

Policy Module for Microsoft Active Directory Certificate Services
Apache License 2.0

No events from source "TameMyCerts" #29

Closed RNalivaika closed 3 months ago

RNalivaika commented 3 months ago

Just installed and configured ver 1.6.1045.1129 on a Win Server 2022 Enterprise CA machine. Added an XML file in Policy folder. A test client is requesting a cert, the request is failing:

Active Directory Certificate Services denied request 666 because The requested certificate template is not supported by this CA. 0x80094800 (-2146875392 CERTSRV_E_UNSUPPORTED_CERTTYPE). The request was for CN=TestComputer69. Additional information: Denied by Policy Module

I was expecting a related log entry detailing the issue from source TameMyCerts. The source exists in the Event Viewer filter, but there are no events from this source. I am using an older version of TameMyCerts on another Win Server 2019 Enterprise CA machine successfully and am used to seeing events from source TameMyCerts. They were very helpful in formatting the policy XML file correctly.

Sleepw4lker commented 3 months ago

Hello, are you sure this issue is related to TameMyCerts at all?

The only case where it would give this error code is if it cannot find relevant registry information.

The behavior is that when the Windows Default policy module already denied the request, TameMyCerts will not handle the certificate request at all but directly return the result to the CA process. In this case, it will not log anything (with default logging settings).

You can increase CA and TameMyCerts logging verbosity with this command, followed by a restart of the CA service.

certutil -setreg Enroll\LogLevel 4

If the request was already denied by the Windows Default policy module you will then get Event ID 11 from TameMyCerts. Then it is not a TameMyCerts issue. In that case, maybe this may be a helpful resource.
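The check described in the comment above, as an added PowerShell example that is not part of the original thread or the TameMyCerts project. It assumes TameMyCerts events are written to the Application log under the provider name TameMyCerts and that the CA service has its default name CertSvc; run it elevated on the CA.

```powershell
# Added example. Assumptions: Application log, provider "TameMyCerts",
# CA service name "CertSvc". Run in an elevated session on the CA.
$since = Get-Date

# Show the current value first so it can be restored after troubleshooting.
certutil -getreg Enroll\LogLevel

# Verbosity command exactly as given in the comment above; the CA service
# must be restarted for it to take effect.
certutil -setreg Enroll\LogLevel 4 | Out-Null
Restart-Service -Name CertSvc

Read-Host 'Resubmit the failing certificate request, then press Enter'

# Collect everything TameMyCerts logged since the restart.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'TameMyCerts'
    StartTime    = $since
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Warning "No TameMyCerts events recorded since $since."
}
elseif ($events.Id -contains 11) {
    # Per the comment above: Event ID 11 means the Windows Default policy
    # module had already denied the request before TameMyCerts handled it.
    Write-Output 'Event ID 11 found: denied by the Windows Default policy module; check the template configuration.'
}
else {
    Write-Output 'TameMyCerts handled the request; review its events below.'
}

$events | Sort-Object TimeCreated |
    Format-List TimeCreated, Id, LevelDisplayName, Message
```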

RNalivaika commented 3 months ago

Hello, thank you for replying so quickly. You are right, the underlying issue was in template configuration. After resolving the underlying issue, I am seeing new events from source TameMyCerts as expected.

Sleepw4lker commented 3 months ago

You're welcome. Then I'll close this as fixed. Thanks for your feedback.