Thursday, 19 July 2018

Certificate Services New Cert Req from CSR fails with "The request contains no certificate template information 0x80094801 CERTSRV_E_NO_CERT_TYPE Denied by Policy Module 0x80094801 The request does not contain a certificate template extension or the Certificate Template request attribute."

When you try to request a new certificate from AD CS using a CRS you get the following error
"The request contains no certificate template information 0x80094801 CERTSRV_E_NO_CERT_TYPE Denied by Policy Module 0x80094801 The request does not contain a certificate template extension or the Certificate Template request attribute."
This was when the "Request new CA certificate" option was used from the Certificate Authority GUI.


To use the command line tools to generate this certificate you must find the true certificate template name, please note that this is not the template name which is displayed in the Certificate Templates pane.
To find the true name right click Certificate Templates and select Manage, find your template from the list and select Properties. 


The certreq looking for the Template Name, not the Template Display Name.tool is 

Use the command line tool certreq.exe with the following command
certreq –adminforcemachine –config “cahostname\certauthname” -submit -attrib "CertificateTemplate: CertificateTemplateName" “C:\Path to CSR”
Please note if you leave –adminforcemachine or –config out of this command you will get the following error “The DNS name is unavailable and cannot be added to the Subject Alternate Name
Once you do this it will ask you to confirm which AD CS in the AD you want to issue the certificate, in my example there is only one. 

Comments system

Disqus Shortname