I'm having issues with the "enterprise CA" option being grayed out during installation of the ADCS role for a 2008 R1 Enterprise Edition server (for a new Ent. Sub. CA). The account I was using had Enterprise Admin rights in the root domain and Domain Admin rights for the child domain that the CA will be installed into (I don't need root domain admin since I have enterprise admin, right?). The server is already joined to the domain. I verified Enterprise Admins have full control for Public Key Policy container and all child containers. I have not tried to re-create this as another CA (2003) is online within the same domain/forest - I would prefer not having to do this if at all possible. I tried moving the capolicy.inf out of windir in case it was getting in the way. I believe I have the firewall cleaned up - is there an official resource that documents how to configure the firewall for just the CA? I'm not installing web services or anything else - this is a dedicated box.
Thanks in advance...