Certsrv: Can Only See User and Basic EFS

KB ID 0001552

Problem

When connected to the Web Enrolment portal (Certsrv) for your Certificate Services, you attempt to submit a certificate request. But you only see User and Basic EFS under Certificate Templates, like so;

Solution

I’ve done this myself many times, usually you are looking for the ‘Web Server‘ template and it’s not there, so we will use that as an example. Go to your CA Server.

Windows Server – Locate CA / Certificate Services

Administrative Tools > Certificate Services > Certificate template’s > Firstly make sure the template you are looking for is actually published! (i.e. is in the right hand window). Assuming it’s published, right click Certificate Templates > Manage.

Certficiate Missing certsrv

Locate the template in question, Properties > Security > Grant the USER you are logged in, and attempting to submit the certificate request as, the READ and ENROL rights > Apply > OK.

Certficiate Missing certsrv

Restart certificate services.

Restart Certificate Services

Allow a little time for Active directory replication, then try again.

Cant see Web server certificate

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

Share This Post On

12 Comments

  1. John Fjeldberg

    02/06/2020

    You’re my new hero!

    Post a Reply
  2. KG

    13/11/2020

    Awesome Post..This help a lot to me…

    Post a Reply
  3. Bruno Rodolfo Ticona Molina

    17/02/2021

    thank you

    Post a Reply
  4. KurdTech

    20/03/2021

    You are the rock. i run into this issue while back but i forgot to enable to enroll. Thank you again for sharing

    Post a Reply
  6. Chad Wilson

    24/09/2021

    If you are performing the service stop and start on a sub CA, make sure the root CA is powered on. It is common to leave root CA’s powered down for security reasons and it will need to be on to restart the services on SUB CA’s.

    Post a Reply
    • Elizabeth Greene

      06/06/2024

      Another commenter said “If you are performing the service stop and start on a sub CA, make sure the root CA is powered on. It is common to leave root CA’s powered down for security reasons and it will need to be on to restart the services on SUB CA’s.”

      This is because the subordinate CA can’t read the root CA’s CRL. If your root CA’s crl is published to another server that stays online, and it should be, powering on/connecting to the network the root server should not be required. HTH.

      Post a Reply
  8. RHEBERT

    05/04/2022

    you’re my hero too

    thank you so much !

    Post a Reply
  9. Hossi Pro

    09/03/2023

    Perfect… I’ve got it to appear in the list of Templates without restarting the Certificate Services.

    Post a Reply
  10. IT Guy

    13/06/2024

    I have tried that and I still cannot get the computer template to appear in the web service. Any ideas? Thanks

    Post a Reply
  11. BrnHornet

    01/10/2024

    You are DA Man – that worked! Thanks

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *