This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 14.000000000000002%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Currently i have a separate server configured for web enrollment with open trust delegation from the enterprise CA. (using kerberos only)
However, when i require windows authentication for the web enrollment web page, it throws me an error
An unexpected error has occurred: The Certification Authority Service has not been started.
(this is for the download CA certificate, CRL option)
When i turn set to 'Automatic login only when in intranet zone' from internet options, everything works fine. (Kerberos ticket is retrieved when i check using klist http/web-server) Once i change to 'Prompt for username and password', i get errors above and sometimes the authentication fails 3 times with the 401 not authorized error.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDZ%3C/text%3E%3C/svg%3E)
Hello @PKInoob88 ,
Thank you for posting here.
We are researching it, and if there is any update, we will update here as soon as possible.
Thank you for your understanding and support.
Best Regards,
Daisy Zhou
Hello @PKInoob88 ,
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.
Best Regards,
Daisy Zhou
Hello @PKInoob88 ,
Thank you for your waiting.
I have done a test in my lab.
I can request certs no matter the option is 'Automatic login only when in intranet zone' or 'Prompt for username and password' from internet options. I have checked in two different PKI environments.
Can you please check if there is the same behavior on different PCs.
Can you please check if there is the same behavior about different users.
Best Regards,
Daisy Zhou