- Remove From My Forums
-
Question
-
I am attempting to implement an Enterprise CA including web enrollment. I have installed the role and role services, and the CA appears to function. However, I receive HTTP error 500.19 when trying to browse the /certsrv virtual directory:
Module IIS Web Core Notification BeginRequest Handler Not yet determined Error Code 0x80070003 Config Error Cannot read configuration file Config File \?C:Windowssystem32CertSrven-USweb.config Requested URL http://server11.tec.local:80/certsrv Physical Path C:Windowssystem32CertSrven-US Logon Method Not yet determined Logon User Not yet determined I receive HTTP 500 in all browsers, and the above when browsing localhost/certsrv. I have researched and made many attempts to fix this, without luck. I’ve modified NTFS ACLs on the system32CertSrv directory and subs, recreated the
virtual directory with certutil -vroot, edited application pool settings, all to no avail. The part that strikes me as an obvious problem is the lack of any web.config file in en-US, which the error points to. However, as I said, I have recreated
the directory with certutil after clearing out the IIS virtual directory.The server itself is a domain controller running Server 2008 R2 Enterprise SP1. It runs DNS and all FSMO roles. It also runs DHCP, file and print services, RDS Licensing (and Citrix licensing), and AD DS & CS as mentioned. There
is another server in the environment running Server 2003 SP2. This is the «old» domain controller, which is also a certificate authority. I am configuring AD CS for the purpose of being able to decommission the old server. ADCS seems to be
otherwise functioning, so I am hoping to avoid removing the role service itself.Any thoughts?
(I previously posted
this in Directory Services and was told to move it here)
Answers
-
-
Proposed as answer by
Thursday, April 5, 2012 4:49 PM
-
Marked as answer by
ptilsen
Friday, October 9, 2015 4:11 PM
-
Proposed as answer by
- Remove From My Forums
-
Question
-
I am attempting to implement an Enterprise CA including web enrollment. I have installed the role and role services, and the CA appears to function. However, I receive HTTP error 500.19 when trying to browse the /certsrv virtual directory:
Module IIS Web Core Notification BeginRequest Handler Not yet determined Error Code 0x80070003 Config Error Cannot read configuration file Config File \?C:Windowssystem32CertSrven-USweb.config Requested URL http://server11.tec.local:80/certsrv Physical Path C:Windowssystem32CertSrven-US Logon Method Not yet determined Logon User Not yet determined I receive HTTP 500 in all browsers, and the above when browsing localhost/certsrv. I have researched and made many attempts to fix this, without luck. I’ve modified NTFS ACLs on the system32CertSrv directory and subs, recreated the
virtual directory with certutil -vroot, edited application pool settings, all to no avail. The part that strikes me as an obvious problem is the lack of any web.config file in en-US, which the error points to. However, as I said, I have recreated
the directory with certutil after clearing out the IIS virtual directory.The server itself is a domain controller running Server 2008 R2 Enterprise SP1. It runs DNS and all FSMO roles. It also runs DHCP, file and print services, RDS Licensing (and Citrix licensing), and AD DS & CS as mentioned. There
is another server in the environment running Server 2003 SP2. This is the «old» domain controller, which is also a certificate authority. I am configuring AD CS for the purpose of being able to decommission the old server. ADCS seems to be
otherwise functioning, so I am hoping to avoid removing the role service itself.Any thoughts?
(I previously posted
this in Directory Services and was told to move it here)
Answers
-
-
Proposed as answer by
Thursday, April 5, 2012 4:49 PM
-
Marked as answer by
ptilsen
Friday, October 9, 2015 4:11 PM
-
Proposed as answer by
- Remove From My Forums
-
Question
-
User1301250611 posted
Have installed Certification Authority and Certification Authority Web Enrollement successfully but I am unable to browse to http:\localhostCertSrv
I can see CertSrv virtual directory in my default web site.
HTTP Error code 500 occurs on the browser…
Any ideas of what might the problem could be?
I have a gut feeling there’s a problem with .ASP permissions.
Thanks in Advance!
Answers
-
User157784788 posted
In IIS 6 it is disallowed by default. If you enable it might work.
Check this out:
(332117) — When you try to view an Active Server Pages (ASP) page that is running on Internet Information Services (IIS) 6.0, you may receive one of the following error messages in your browser: If the check box in Microsoft Internet
Explorer is not selected: -or-…
http://support.microsoft.com/kb/332117/en-usHTH.
~ Ganesh
-
Marked as answer by
Tuesday, September 28, 2021 12:00 AM
-
Marked as answer by
I have installed Enterprise Certificate Authority on Windows Server 2008 R2. I have also installed other websites in IIS 7.5.
All other ASP applications are working OK, but i have a problem accessing «CertSrv» Web site to generate certificate requests. Errors are:
HTTP Error 500.19 — Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Error Code 0x80070003
Config Error Cannot read configuration file
Config File \?C:Windowssystem32CertSrven-USweb.config
I need help to put back CertSrv website back online. I have tried reinstalling the Certificate Authority server ole but that did not help.
Can someone please explain: Is CertSrv suppose to be a ASP.NET or ASP Classic and how should i configure IIS application pool top put back CertSrv back online.
\? is fine, its the hint to the file system related portions of Windows to enable full 32K sized path names (i.e. greater than 255 characters in a path). You can verify this by typing «\?C:» into a run box.
With that out of the way, can you post the contents of that web.config file?
2
Sure thing. This morning, I was messing around with the site bindings in IIS and discovered an article recommending that I disable 32-bit applications on this particular site. Specifically, the «Enable 32 bit applications» on the SCEP APP pool. It’s now set to FALSE which gives me a different error….
This smells like a permissions issue… I just know it.
(Logon user intentionally removed from picture)
You still want that web.config?
See less
See more
Well we were needing to submit some new CSRs, so I finally had to go with the nuclear option.
I spun up a new 2012 R2 VM and added AD CS. New CA is working just fine and handled a backlog of certificates that we needed done.
I will be slowly revoking certificates from the old CA and gradually bringing its use down to nothing. Then I shall kill it.
See less
See more
Sorry things got nuts here. Anyway probably the better choice in the end
See less
See more
Quote:
Originally Posted by tompsonn
Sorry things got nuts here. Anyway probably the better choice in the end
It’s fine tompsonn. Just a real PITA at this point having to revoke all the certs signed by the CA. And given that it was our domain’s only CA… 