Hi,
i'm performing a migration of a CA on a Windows 2008 R2 domain controller to Windows 2016 domain member.
Migration itself is not a problem. Everything is running...
The funny thing is i cannot enroll a webserver certificate as domain admin on the 2016 domain member.
I'm getting : The permissions on the certificate template do not allow the current user to enroll for this type of certificate. 0x80094012 (-2146877422 CERTSRV_E_TEMPLATE_DENIED)
I'm a member of the domain admins group, which have read, write and enroll permissions on the webserver template.
And here it comes... If i add my domain admin account individually to the template, it works...
If i go to the old CA (the Windows 2008R2) and run the certreq there, it also works...
Has anyone encountered something similar?