rtroxell 11.02.2020 02:13 (GMT+2) The case of accidentally deleted user certificates

Thank You!!!!! I was able to use this method and sort things out. I was able to locate the SN from another user that had her previous cert stored. From there it was a matter of utilizing the commands

Vadims Podāns 09.02.2020 14:51 (GMT+2) Certificate Autoenrollment in Windows Server 2016 (part 3)

I would suggest initiating a manual certificate request.

Atif M Baig 09.02.2020 10:31 (GMT+2) Certificate Autoenrollment in Windows Server 2016 (part 3)

Hi, I installed an enrollment agent certificate in my personal store. But I was having issues, so I deleted the enrollment agent certificate from my PC. Now when I am trying to get a certificate on behalf of other users, I don't see any certificate. I also revoked the certificate in the CA. I am not able to unrevoke it. How can I remove the enrollment agent certificate from my PC and reissue it?

Vadims Podāns 04.02.2020 21:44 (GMT+2) Add multiple Certificate Enrollment Service instances

You don't need to run the CEP service under an MSA or domain user account. You can use the built-in app pool account for that. Where you really want to replace the domain account with an MSA is the CES service. Though, I never was able to do it. The impersonation step always fails for me even if SPNs are set correctly.

The trick above is very interesting, though I never tried to install more than one CEP role on a single server. I did it for CES, but never for CEP.

Wei 04.02.2020 21:23 (GMT+2) Add multiple Certificate Enrollment Service instances

Hi Vadims,

I believe you can install multiple CEP instances on the same server. As François mentioned above, he seems to have found the command to run before adding the 2nd CEP auth.

My situation is that I am trying to use an MSA instead of a regular domain user account. It worked with the Kerberos and Username/Password options, but not with Certificate/KeyBasedRenewal. And I am trying to figure out why.