Add the Certificate Authority's Computer Account to the Cert Publishers Security Group:
a. Log onto a domain controller or a machine with the Active Directory Users and Computers (ADUC) snap-in installed.
b. Open ADUC (dsa.msc
).
c. Navigate to the Builtin container/folder.
d. Double-click the Cert Publishers group.
e. Go to the Members tab and click Add.
f. Change the object type to include Computers.
g. Locate and add the computer account of your certificate authority.
h. Click OK to close all open windows.