This article provides help to solve an error "No certificate templates could be found" that occurs when you request certificates from CA web enrollment pages.
Applies to: Windows Server 2003
Original KB number: 811418
When a user tries to request a certificate from the certification authority (CA) web enrollment pages, the user may receive the following error message:
No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.
This behavior occurs if the Web enrollment pages are in an Active Directory domain on an Enterprise CA server. It occurs whether the web enrollment pages are on the same server or on a different member server.
The CA Web enrollment pages perform a case-sensitive string comparison of two values. One value is the sServerConfig value in the Certdat.inc file in the %systemroot%\System32\Certsrv folder on the certificate server, and the other value is the dnsHostName attribute on the pkiEnrollmentService object in Active Directory. If the two strings do not match, including the case match, the enrollment fails.
To correct this behavior, follow these steps:
Note The sServerConfig value must be in the same exact case as the dNSHostName attribute. If this is not true, you will continue to get the same error.
Note Also make sure that the user is granted Read and Enroll permissions on the certificate template which that user is requesting. You can grant these permissions either by using the ADSIEdit snap-in or the Certificate Templates snap-in.