Install Web Enrollment on Different DC
i have 2 dc's, 1 ca. i wanted install web enrollment alone on second dc on completion of setup gt access denied 80070005 error. i checked under delegation , second dc has correct settings: which other setting missing? 1) not install ca on dc 2) not install web enrollment services on dc that being said, delegation must enabled account running defaultapppool on server adcs web enrollment services enabled. delegation, must enable delegation ca computer accounts host , rpcss services (rather full delegation). finally, url use connect web enrollment services web page must registered spn on account used run defaultapppool web pool. so, if computer account, run setspn -s host/webenroll.example.com example\webhost$ brian Windows Server > Security ...
