Thank you, Vadims, for your quick answer!
Perhaps I didn't fully understand this article, but there are screenshots of the IIS console with two CEP applications ("ADPolicyProvider_CEP_UsernamePassword" and "ADPolicyProvider_CEP_Certificate"), for example this one.
It is correct: you cannot have multiple CEP (policy server) instances on the same server. Only multiple enrollment services (CES) are supported. And this blog post talks about CES, not CEP.
Hello Vadims, here is a doc from Microsoft where it says "Two CEP/CES instances that are configured on one server": https://docs.microsoft.com/en-us/windows-server/identity/solution-guides/certificate-enrollment-certificate-key-based-renewal
As far as I have tested, these PowerShell commands used to configure the second instances of CEP/CES don't work for me (for now): https://docs.microsoft.com/en-us/windows-server/identity/solution-guides/certificate-enrollment-certificate-key-based-renewal#step-1-install-the-cep-and-ces-for-key-based-renewal-on-the-same-server
Here is the error I get:
PS ...> Install-AdcsEnrollmentPolicyWebService -AuthenticationType Certificate -SSLCertThumbprint "xxxxxxxxxxxxxxxxxxxxxxxxx"
Performing the operation "Install-AdcsEnrollmentPolicyWebService" on target "XXXXXXXX".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
Install-AdcsEnrollmentPolicyWebService : Setup could not add this role service because it already exists in the default Web site. Please remove the existing role
service or select a different certification authority (CA) or authentication type. Cannot create a file when that file already exists. 0x800700b7 (WIN32/HTTP: 183
At line:1 char:1
+ Install-AdcsEnrollmentPolicyWebService -AuthenticationType Certificat ...
+ CategoryInfo : InvalidOperation: (:) [Install-AdcsEnrollmentPolicyWebService], EnrollmentPolicyServiceSetupException
+ FullyQualifiedErrorId : Install,Microsoft.CertificateServices.Deployment.Commands.CEP.InstallAdcsEnrollmentPolicyWebService
Could you please tell me what your opinion is about this doc?
Thank you in advance!
For your information:
PS ...> certutil -config "<myCA>" -enrollmentserverurl
Enrollment Server Url:
UserName -- 4
CertUtil: -enrollmentServerURL command completed successfully.
Try to delete it:
certutil -oid <OidDisplayName> delete
Consult the help:
certutil -oid -?
By accident I have changed the policy extension name: certutil -oid [number] [policy name]... I can't go back to the old name. Any advice, please?
Now I see at View Object Identifiers:
Policy name Object Identifier Policy Type
"bad name" "number" Application