I am currently facing a problem with ADCS Policy Web Service on Windows Server 2008 R2 Enterprise (SP1).
• Hotfix installed: http://support.microsoft.com/default.aspx?scid=kb;EN-US;2545850
• Application Pool Identity: ApplicationPoolIdentity (also tested custom service account)
• Testing from local machine and another machine
• CA and CEP on same system
• I am getting a Kerberos ticket for the service and I can see a successful logon event for my user.
• Kerberos authentication is working - directly calling the URL I get a 403.14 (Directory Listing Denied) with Logon Method Negotiate
The following message is shown in the Certificate Services Client - Certificate Enrollment Policy Server
The remote endpoint could not process the request. 0x803d000f (-2143485937)
The following WS-Errors are in the WebServices analytic log
• WsCall API failed by 0x803D0005
• Error occurred: 0x0 - There was an error communicating with the endpoint at 'https://cep.example.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP'.
• Error occurred: 0x0 - The server returned HTTP status code '401 (0x191)' with text 'Unauthorized'.
• Error occurred: 0x0 - The requested resource requires user authentication.
• Error occurred: 0x803D0005 - Access was denied by the remote endpoint.
In the application log I can see an event ID 3, source System.ServiceModel 3.0.0.0, Level Error
WebHost failed to process a request.
Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/45653674
Exception: System.ServiceModel.ServiceActivationException: The service '/ADPolicyProvider_CEP_Kerberos/service.svc' cannot be activated due to an exception during compilation. The exception message is: Software\Microsoft\CEP. ---> System.Configuration.ConfigurationErrorsException: Software\Microsoft\CEP
at Microsoft.CertificateServices.Policy.DerivedHost.Initialize()
at Microsoft.CertificateServices.Policy.DerivedHost.OnOpening()
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
--- End of inner exception stack trace ---
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
Process Name: w3wp
Process ID: 3108
The EnrollmentPolicyWebService log on the other hand tries to tell me:
The Certificate Enrollment Policy Web Service failed to initialize. Confirm that the Certificate Enrollment Policy Web Service is properly installed. Try to restart Internet Information Services (IIS) by using iisreset.exe. If the problem persists, enable tracing in the web.config file, restart IIS, attempt to obtain policy information from any client, and then contact Microsoft Customer Service and Support with the trace file information. Unknown HResult Error code: 0x80131902
I am kind of lost and I'd appreciate some help...
Thanks,
MMF