alynch30

Issue : After SCEP cleanup of a malware on a terminal server the user is prompted to restart the server... Which they are able to do even if they don't have the permission since it is SCEP that is initiating the reboot. Possible solution : Locking down SCEP UI - This also locks it down for the administrators... Question : Is there a way to prevent the user from rebooting through SCEP but also not restricting the admin from using/managing from SCEP interface?

Hello! After 24 hours of headbanging trying to figure out this issue we finally found the fix so I though I'd share it. Note that only a handful of our Windows 2003 were having that issue. The relevant line in your log is the following... Certificate [Thumbprint 177CC907017F1F85AE0630C211E747D8C2B4352F] issued to 'clientXP.domain.local' doesn't have private key or caller doesn't have access to private key. The local certificate store ACL were setup incorrectly for some reason... Here are where they are located ... C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys The private key for the certificate had no ACL whatsoever... Added full control for System and read for local administrators. After that CCMSetup ran succesfully on our 3 problematic servers. Thanks