Certificate for Non-Domain Computers


Hello,

I am trying to request a device certificate for laptops not on the domain. I am referencing this article to set up the CA.

http://blogs.technet.com/b/askds/archive/2010/05/25/enabling-cep-and-ces-for-enrolling-non-domain-joined-computers-for-certificates.aspx

I have set up the laptops for enrollment as specified in the article, and it verifies fine. However, when I try to request a certificate, the error says, "certificate types not available".

I have tried to run "certutil -config fqdn\ca -ping" and get "rpc server not available 0x8000706ba". (I can run it from a machine inside the domain.)

I have disabled the firewall on the CA (for testing) and added "Everyone" to the "Certificate Service DCOM Access" group.

I am running out of ideas, and any help is appreciated.

Thanks and regards,

Mike

That is a nice article, but it is going to be overkill. What OS versions are you using? You need at least 2008 R2 and Windows 7.

If the computer is not domain joined, you still need an account in Active Directory with the same name, if you are using certificate-based renewal. With user name and password, you should not have an issue.

Other resources:

http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx

Windows Server 2012

http://technet.microsoft.com/en-us/library/tlg-key-based-renewal.aspx


Kurt Hudson, Sr. Technical Writer, AD DS, AD CS, PKI, Azure AD


