Trust Protection Platform 14.2 and above
When trying to either retrieve certificate templates or enroll against an Microsoft CA, it fails with the error message "Failed to launch CA communication process with error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it"
This error is likely due to the Secondary Logon service being disabled.
Since 14.2, we no longer use the Venafi COM + Service to communicate with a Microsoft CA. Instead we require the Secondary Logon service to be enabled so our application can successfully communicate.
- Open Services.msc
- Search for the Secondary Logon service
- Change the Startup type to Manual
NOTE: The Venafi Trust Protection Platform Server might need to be rebooted for the change to be applied.
If there are more than one Venafi Trust Protection Platform server, those steps must be applied to all of them
What are the minimum rights required to setup MSCA
Error: "System error: CCertAdmin: GetCAProperty: The RPC server is unavailable. 0x800706b (WIN32: 1722)" is displayed when trying to communicate with a Microsoft CA