Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Automatic Certificate Request for Internet Protocol Security May Not Distribute Certificate


View products that this article applies to.

Symptoms

After you create an automatic certificate request Group Policy for Internet Protocol security (IPSec), computers may not receive an IPSec certificate, even though the policy has been applied.

↑ Back to the top


Cause

This issue can occur if a corresponding IPSec certificate template has not been created at the enterprise certification authority (CA).

↑ Back to the top


Resolution

To resolve this issue, create an IPSec certificate template at the enterprise CA:
  1. Start the Certification Authority Microsoft Management Console (MMC) snap-in that is located in the Administration Tools folder on the enterprise CA.
  2. Right-click Certificate Templates, and then New - Certificate Template to Issue.
  3. Click the IPSEC template, and then click OK.
NOTE: Computers do not receive the IPSec certificate until the next Group Policy refresh interval. To force an immediate policy refresh, you can use the gpupdate command.

↑ Back to the top


Status

This behavior is by design.

↑ Back to the top


Keywords: KB298489, kbprb, kbnetwork, kbenv

↑ Back to the top

Article Info
Article ID : 298489
Revision : 5
Created on : 3/2/2007
Published on : 3/2/2007
Exists online : False
Views : 412