You cannot add V2 or V3 templates after an inplace upgrade was performed on a Windows Server 2008 enterprise CA
Technically, it is possible to install an enterprise CA on a Windows Server Standard edition. With this configuration, enterprise features of the certification authority are intentionally not available.
To enable the CA enterprise features, it is required to upgrade a Windows Server from Standard to Enterprise edition. To keep the existing enterprise CA configuration, it is recommended to just perform a Windows inplace upgrade. If you do this on a Windows Server 2008 you will recognize that only V1 certificate templates are available for assigning after the upgrade was performed.
To fix the problem, close the Certificate Services MMC snap-in and run the following commands with administrator permissions at a command-line on the CA computer:
certutil -setreg ca\setupstatus +512
net stop certsvc
net start certsvc
When you re-open the Certificate Services MMC snap-in, you are able to assign V1, V2 and V3 certificate templates to the certification authority.
[February 3, 2009 update] An official Microsoft Knowledgebase article is published under https://support.microsoft.com/kb/967332.
Comments
- Anonymous
January 01, 2003
The comment has been removed - Anonymous
December 08, 2011
When I run the certutil command above the registry value changes, but when I restart the certsvc service, the registry value is reverted back to the old value again. Anyone else had this problem? It is (now) an Enterprise-verion of Windows 2008 R2, used to be a Standard 2003.