JSI Tip 6470. When a user requests a certificate from a CA Web enrollment page, they receive 'No certificate templates could be found'?

When a user requests a certificate from a certification authority (CA) Web enrollment page, they receive:

No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.

If the Web enrollment pages are in an Active Directory domain on an Enterprise CA server, you will encounter this behavior if there is a case mismatch between the sServerConfig value in the %systemroot%\System32\Certsrv\Certdat.inc file and the dnsHostName attribute in the pkiEnrollmentService object at
CN=CertificateServer,CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=MyDomain,DC=com
(use ASDIEdit.msc to view the object).

To resolve this issue, edit the %systemroot%\System32\Certsrv\Certdat.inc file and change the sServerConfig value to match the dnsHostName attribute.

NOTE: The user must restart Internet Explorer to allow the new credentials to pass to the CA.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.