When you try to request a new certificate from AD
CS using a CRS you get the following error
"The request contains no certificate
template information 0x80094801 CERTSRV_E_NO_CERT_TYPE Denied by Policy Module
0x80094801 The request does not contain a certificate template extension or the
Certificate Template request attribute."
This was when the "Request new CA
certificate" option was used from the Certificate Authority GUI.
To use the command line tools to generate this
certificate you must find the true certificate template name, please note that
this is not the template name which is displayed in the Certificate Templates
pane.
To find the true name right click Certificate Templates
and select Manage, find your template from the list and select Properties.
The certreq looking for the Template Name, not
the Template Display Name.tool is
Use the command line tool certreq.exe with the
following command
certreq –adminforcemachine –config “cahostname\certauthname”
-submit -attrib "CertificateTemplate: CertificateTemplateName" “C:\Path
to CSR”
Please note if you leave –adminforcemachine or –config
out of this command you will get the following error “The DNS name is unavailable and cannot be added to the Subject
Alternate Name”
Once you do this it will ask you to confirm which
AD CS in the AD you want to issue the certificate, in my example there is only
one.
