Partilhar via


You cannot add V2 or V3 templates after an inplace upgrade was performed on a Windows Server 2008 enterprise CA

Technically, it is possible to install an enterprise CA on a Windows Server Standard edition. With this configuration, enterprise features of the certification authority are intentionally not available.

To enable the CA enterprise features, it is required to upgrade a Windows Server from Standard to Enterprise edition. To keep the existing enterprise CA configuration, it is recommended to just perform a Windows inplace upgrade. If you do this on a Windows Server 2008 you will recognize that only V1 certificate templates are available for assigning after the upgrade was performed.

To fix the problem, close the Certificate Services MMC snap-in and run the following commands with administrator permissions at a command-line on the CA computer:

certutil -setreg ca\setupstatus +512

net stop certsvc

net start certsvc

When you re-open the Certificate Services MMC snap-in, you are able to assign V1, V2 and V3 certificate templates to the certification authority.

[February 3, 2009 update] An official Microsoft Knowledgebase article is published under https://support.microsoft.com/kb/967332.

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed
  • Anonymous
    December 08, 2011
    When I run the certutil command above the registry value changes, but when I restart the certsvc service, the registry value is reverted back to the old value again. Anyone else had this problem? It is (now) an Enterprise-verion of Windows 2008 R2, used to be a Standard 2003.