
Enterprise Root CA Post Migration


I migrated an enterprise root CA from 2008 Standard to 2012 Standard. All seems to be working; however, when I submit a certificate request (via web enrollment) for a user certificate, it appears to work properly, but the following event is generated on the CA:

Active Directory Certificate Services could not publish a Certificate for request 24 to the following location on server dc01.lab.com: CN=Admin,OU=IT,OU=Administrators,DC=lab,DC=com.  Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344).
ldap: 0x32: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

I've given the Cert Publishers AD group read/write to 'Domain users' and 'Domain computers' per some recommendations I saw in a similar thread; however, that didn't fix anything.

**Update**

I rebooted the server and this error went away; however, I'm receiving the following errors after a reboot from the CA services:

The "Windows default" Policy Module logged the following warning: The Active Directory connection to ??? has been reestablished to DC01.lab.com.

The "Windows default" Policy Module "Initialize" method returned an error. The specified domain either does not exist or could not be contacted. The returned status code is 0x8007054b (1355).  The Active Directory containing the Certification Authority could not be contacted.

Could not connect to the Active Directory.  Active Directory Certificate Services will retry when processing requires Active Directory access.

When I generated a new user certificate after a reboot, it logged this: The "Windows default" Policy Module logged the following warning: The Active Directory connection to DC01.lab.com has been reestablished to DC01.lab.com.

