Question: The certification authority is added to the policy but the following error occurs while issuing a card:
Enrollment Agent certificate not found
However, the certificate is valid and resides in the workstation storage with Indeed CM server installed. The privileges required to manage the private key of the certificate are set properly.
Answer: The error might be attributed to that the template of “Enrollment Agent” certificate has a name that differs from default one of template of Enrollment Agent certificate in Microsoft CA. If this is the case, then you have to issue a certificate using the default template name, that is EnrollmentAgent. If the default name of certificate template is used, then make sure that service account name (the value before @ character) in the Subject Alternative Name parameter of Enrollment Agent certificate is identical to one in the certification authority settings, section Configuration - <Policy name> - PKI settings - Microsoft - Certification authorities. The account names in the certificate and in the policy must be identical and in the same letter case.
|