Share via

Content Feedback: Certificate Enrollment Web Service Guidance

Edmondson, Joel 1 Reputation point
Nov 14, 2022, 6:36 AM

This article
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831822(v=ws.11)

In the section titled "To configure the Certificate Enrollment Web Service computer account for constrained delegation"

Step 7 specifies "type the name of the computer that is hosting the Certificate Enrollment Web Service", where it should say "type the name of the computer that is hosting the Certificate Authority"

(Note that this statement is also used in step 2, but is correct when used here).

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,902 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Vadims Podāns 9,131 Reputation points MVP
    Nov 14, 2022, 8:04 AM

    Unfortunately, your referenced article is archived by Microsoft and there are literally zero chances it will be ever updated.

    0 comments No comments

  2. Daisy Zhou 29,651 Reputation points Microsoft Vendor
    Nov 15, 2022, 4:06 AM

    Hello EdmondsonJoel-8260,

    Thank you for posting in our Q&A forum.

    After reading the article you provided carefully, I can see:

    You need to perform the following procedure only if you selected Use the built-in application pool identity when you specified the service account for the Certificate Enrollment Web Service.

    To configure the Certificate Enrollment Web Service computer account for constrained delegation

    260345-ces111.png

    It depends on how you configure the step "5. Ensure that Use Kerberos only is selected (if the authentication type was set to Windows integrated authentication during installation) or Use any authentication protocol (if the authentication type was set to Client certificate authentication during installation), and then click Add." within "To configure the Certificate Enrollment Web Service user account for constrained delegation".

    If you selected Use the built-in application pool identity when you specified the service account for the Certificate Enrollment Web Service.

    I think step "7. In the Select Users or Computers dialog box, type the name of the computer that is hosting the Certificate Enrollment Web Service. Click Check Names, and then click OK." within "To configure the Certificate Enrollment Web Service computer account for constrained delegation"
    Should be correct.

    260346-ces222.png

    Hope the information above is helpful.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.