Builtin account for CEP/CES certificate

Terry O'Donal 41 Reputation points

I set up my CEP certificate server to use the application pool and when I test it, it gives me a green light on the pass through but cannot verify the builtin account authentication. I have read in other tech notes that I need to set up a service account and add the IIS security group admin account and the domain admin accounts to the member lists. Would this service account be the one referenced in the failed test in the IIS/CEP basic settings test?

Internet Information Services
{count} votes

1 answer

Sort by: Most helpful
  1. Terry O'Donal 41 Reputation points

    In my lab, I have the CEP and CES certificate enrollers installed on the same machine as the CA. I went with the 2nd option which was use the application pool because on previous installs, I used the 1st option and set up a service account as described, installed the SPN like in your article but could never get the authentication to work. Now, I am having the same issue using the application pool. It is asking about a "builtin account", which I am wondering if I shouldn't set up a service account and add it to the IIS_user security group like before. I just need confirmation that this is the builtin account the message is telling me about or is is something else.