Thank You!!!!! I was able to use this method and sort things out, I was able to locate the SN from anohter user that had her previous cert stored. from there it was a matter of utilizing the commands
I would suggest to initiate manual certificate request.
Hi, I install enrollment agent certificate on my prsonal store. But I was having issues so I deleted the Enrollment agent certificate from my PC. Now when I am trying to get a certificate on behalf of other uses I don't see any certificate. I also revoke the certificate in CA. I am not able to unrevole it. How I can remove Enrollment agent certificate from my PC and reissue it ?
You don't need to run CEP service under MSA or domain user account. You can use built-in app pool account for that. Where you really want to change domain account with MSA is CES service. Though, I never was able to do it. Impersonation step always fail to me even if SPNs are set correctly.
The trick above is very interesting, though, I never tried to install more than one CEP role on single server. I did it for CES, bet never for CEP.
I believe you can install multiple CEP instances on the same server. As François mentioned above, he seems to find the command to run before adding the 2nd CEP auth.
My situation is that I am trying to use a MSA instead of regular domain user account. It worked with Kerberos and Username/Password options, but not with Certificate /KeyBasedRenewal. And I am trying to figure out why.
© 2008 - 2020 - Sysadmins LV. All rights reserved