Hi
I recently found an error in Application log on the server with AD CS role installed. The error was:
Active Directory Certificate Services could not publish a Certificate for request 0 to the following location on server <Domain Controller Name>: ldap:///CN=<common name> ,CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=inlab,DC=local. Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344).
ldap: 0x32: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
I added Read and Write permission for Cert Publishers for <domain> CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration through ADSIEdit and after restart the error disappeared. When I look into Attribute editor for the record I found a new attribute - "crossCertificatePair".
I checked this attribute against other deployed AD CS servers in other domains and found none. I also can not find meaning of this attribute. Can anybody explain what this attribute stands for?
We have two domain controllers - Windows Server Enterprise 2008 R2 and Windows Server Core Enterprise 2008 R2 on virtual machine. CA is Windows Server Enterprise 2008 on virtual machine.
Thanks in advance.