
ADCS Policy Web Service - Access was denied by the remote endpoint. 0x803d0005 (-2143485947)

 Hi there fellow colleagues,


I am currently facing a problem with ADCS Policy Web Service on Windows Server 2008 R2 Enterprise (SP1).
• Hotfix installed http://support.microsoft.com/default.aspx?scid=kb;EN-US;2545850
• Application Pool Identity: ApplicationPoolIdentity (also tested custom service account)
• Testing from local machine and another machine
• CA and CEP on same system
• I am getting a Kerberos ticket for the service and I can see a successful logon event for my user.
• Kerberos authentication is working - directly calling the URL I get a 403.14 (Directory Listing Denied) with Logon Method Negotiate

The following message is shown in the Certificate Services Client - Certificate Enrollment Policy Server

The remote endpoint could not process the request. 0x803d000f (-2143485937)

The following WS-Errors are in the WebServices analytic log
• WsCall API failed by 0x803D0005
• Error occurred: 0x0 - There was an error communicating with the endpoint at 'https://cep.example.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP'.
• Error occurred: 0x0 - The server returned HTTP status code '401 (0x191)' with text 'Unauthorized'.
• Error occurred: 0x0 - The requested resource requires user authentication.
• Error occurred: 0x803D0005 - Access was denied by the remote endpoint.

 In the application log I can see an event ID 3, source System.ServiceModel 3.0.0.0, Level Error

 WebHost failed to process a request.

 Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/45653674

 Exception: System.ServiceModel.ServiceActivationException: The service '/ADPolicyProvider_CEP_Kerberos/service.svc' cannot be activated due to an exception during compilation.  The exception message is: Software\Microsoft\CEP. ---> System.Configuration.ConfigurationErrorsException: Software\Microsoft\CEP

   at Microsoft.CertificateServices.Policy.DerivedHost.Initialize()

   at Microsoft.CertificateServices.Policy.DerivedHost.OnOpening()

   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)

   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)

   --- End of inner exception stack trace ---

   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)

   at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)

 Process Name: w3wp

 Process ID: 3108

The EnrollmentPolicyWebService log on the other hand tries to tell me:

The Certificate Enrollment Policy Web Service failed to initialize. Confirm that the Certificate Enrollment Policy Web Service is properly installed. Try to restart Internet Information Services (IIS) by using iisreset.exe. If the problem persists, enable tracing in the web.config file, restart IIS, attempt to obtain policy information from any client, and then contact Microsoft Customer Service and Support with the trace file information.  Unknown HResult Error code: 0x80131902

I am kind of lost and I'd appreciate some help...

Thanks,

MMF

 

 

 

 

