Applies to:
TrustAuthority 14.2
Info:
There is a problem running TrustAuthority 14.2 on the same system as a Microsoft CA. This should never be done in a production environment, but it can be done for testing purposes. This article covers the issues you may run into with this setup.
More Info:
After the upgrade to version 14.2, enrolling a certificate fails at stage 500.
The error is:
"The format of the specified domain name is invalid. (hresult 0x0800704bc)"
The logs show a more complete error message:
"An error occurred communicating with the CA \VED\Policy\Certificate Authority Templates\MS CA (Internal)\MS CA Webserver (2yr). Error: The format of the specified domain name is invalid. (Exception from HRESULT: 0x800704BC). Additional error data at Interop.CERTCLIENTLib.CCertRequestClass.Submit(Int32 Flags, String strRequest, String strAttributes, String strConfig) at Venafi.Drivers.CertificateAuthority.Microsoft.MSCA_Service.PostCSRWithSans(String connection, String cadn, String ownerdn, String template, String csr, Dictionary`2 sans, Int32& requestid, String& error)"
The error occurs whether the credentials used are a domain admin account or the service account with at least read / write / enroll permissions on the Web Server Certificate template and the MSCA.
The workaround for this issue is to run the Venafi Trust Protection Platform service as a user that has rights to the local MSCA. If using Windows Authentication with MS SQL, the service account would need to have rights to the local MSCA.