How to issue certificate for Office Communications Server 2007 R2 when the Web Server Template has been disabled on the Certificate Authority

Problem

You receive an error trying to issue a certificate via the Certificate Wizard because the default web server template has been disabled on the certification authority.

Symptom

You may see the following error in the Certificate Authority Server logs. "Denied by Policy Module 0x80094800. The request was for a certificate template that is not supported by the Certificate Services policy."

Cause

Web Server template has been disabled and the Office Communications Server Certificate Wizard is hard coded to use the Web Server template.

Resolution

Use the LCSCMD.exe /Cert command line utility to request the certificate and specify the custom template to use.

LCSCmd.exe /Cert /Action:Request /OU: /org: /sn: /country: /state: /city: [/online[:{TRUE|FALSE}]] [/friendlyName:] [/bitLength:] [/exportable[:{TRUE|FALSE}]] [/san:] [/Filename:] [/ca:\>] [/caAccount:\ or \>] [/caPassword:] [/autoAppendSNToSAN[:{TRUE|FALSE}]] [/enableClientEKU[:{TRUE|FALSE}]] [/assign:{TRUE|FALSE}] [/Components:{AP | DP | MR | INTERNAL}] [/L:] [/XML[:{TRUE|FALSE}]] [/?[:{TRUE|FALSE}]] /Template:
Such as:
LCSCmd.exe /Cert /Action:Request /OU:Marketing /Org:Contoso /sn:eepool1.contoso.com
/country:US /city:Redmond /state:Washington /Template:WebServer2

More Information

The /Template switch is undocumented and not supported. For more information on managing certificates from the command line see https://technet.microsoft.com/en-us/library/dd572468(office.13).aspx.