When enrolling for a certificate with Microsoft Certificate Authority (MS CA), an error is generated at stage 500. The reason code in Director:
<IP address> , 4/3/2012 12:47:07 PM, \VED\Policy\Certificate Authorities\MS CA: \VED\Policy\Certificate Authorities\MS CA, Error: Error, Translated event: Microsoft CA - CSR Post Error, Error posting Certificate Signing request to CA \VED\Policy\Certificate Authorities\MS CA for \VED\Policy\MS CA Cert Enrollment\c. Return Code: 2, Error: Request denied
This error occurs because the CA has prevented us from uploading the CSR.
A possible cause for this is that the CA template object maybe have credentials assigned that have insufficient permissions.
On the MS CA, open Server Manager and navigate to the Certificate Templates container. Right click on the template and select 'Properties'. In the Security tab, select the Enrolling User and check the 'Enroll' box. This allows users to use the template for enrollment of certificates and will subsequently post the CSR to the CA.