luisfelix2

Hello, I have got my vacations, so last two weeks I was away from work
for my devoted relaxation, but now I'm again at work.

In the event log there is a warning like this (I translated it, so
could be some difference from US version...):
Origin: CertSvc
Category: none
Type: warning
Event_ID: 53
user: N/D
Description (Translated to US):
Request 117 rejected from the certificate services, the dwValue Type
for CERT_NAME_VALUE non included between character strings. Perhaps it
could be CERT_RDN_ENCODED_BLOB or CERT_TDN_OCTET_STRING. 0x80092024
(-2146885596). The request was for CN=a5y01r12.Domain2. More
information: Rejected by policy module

After the above error, I can find the "Certificate Template" extension
in rejected request, but it is empty.

Ps: To add the "Certificate Template" extension to the certificate
request html page I used the follow code before submit the request:
XEnroll.addExtensionToRequest 0, "1.3.6.1.4.1.311.20.2",
"DomainController"

Thanks for any help,
Luis

luisfelix2

I have found a solution (by a workaround) to add the "Certificate
Template" extension to the third-party DC certificate, but even using
it, I can't autenticate smartcard certificates generated by a
third-party CA (...following the KB281245 and related docs guidelines,
of course).

Perhaps, am I wrong to install the new third-party CA DC cert?

I installed my DC cert by using MMC with the Certificates (Local
certificates) snap-in. In the Personal\Certificates folder I deleted
the old domain cert and imported the new cert.
But the result was the same: the system can't autenticate smartcards
with third-party certificate.
Moreover if I restart the server, the previously deleted DC cert is
again in the same place (like a rollback).

If so, how I can install the new DC cert?

Thanks in advance,
Luis