Certificate Authority error “Template information could not be loaded”

When opening the Certificate Authority Manager, under Certificate Templates you get errors like “Template information could not be loaded” and “Element not found”.

This can happen when the DC computer object does not have the right permissions. It can also happen if you have upgraded the domain or moved the Certificate Authority to another DC by doing a backup and restore.

To resolve this you need to use ADSI Edit from one of your Domain Controllers. Open ADSI Edit and connect to the Configuration partition, expand CN=Services, CN=Public Key Services and find CN=Certificate Templates. Right-click on CN=Certificate Templates and select Properties.

Give the DC computer object read permission on “Certificate Templates” and “Enrollment Services”. If “Enrollment Services” is empty and missing the pKIEnrollmentService object, you will need to restore it.

How To Restore the pKIEnrollmentService object

  1. Check for the pKIEnrollmentService object in CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=com using ADSI Edit
  2. If the CN=Enrollment Services container object is also missing, manually create a new container object named Enrollment Services before proceeding
  3. In the Certification Authority snap-in, right-click on the CA name, go to All Tasks and click Backup CA
  4. Within the Backup wizard, back up both the CA database and the Public/Private Key Pair
  5. Back up the CA locally (C:\Backup, etc.)
  6. After the backup is made, in the Certification Authority snap-in, right-click on the CA name, go to All Tasks and click Renew CA Certificate
  7. Choose the same key (the No selection in the UI)
  8. Check for the pKIEnrollmentService object in CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=com using ADSI Edit
  9. Test the enrollment services by restarting the CA service and re-opening the Certificate Authority snap-in
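
The permission check and the pKIEnrollmentService check from steps 1 and 8 can also be done read-only from PowerShell. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed, and `DC01` is a placeholder computer name.

```powershell
# Added example (not from the original post): read-only checks, no changes are made.
# Requires the RSAT ActiveDirectory module, which also provides the AD: drive.
Import-Module ActiveDirectory

$DcName = 'DC01'                      # placeholder: computer name of the DC to check
$dcSam  = $DcName + '$'               # computer account names end in $
$read   = [System.DirectoryServices.ActiveDirectoryRights]::GenericRead

$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

foreach ($cn in 'Certificate Templates', 'Enrollment Services') {
    $dn = "CN=$cn,$pkiBase"
    try {
        $null = Get-ADObject -Identity $dn -ErrorAction Stop
    } catch {
        Write-Warning "Container not found: $dn"
        continue
    }

    # List Allow ACEs that include read access and flag ACEs naming the DC itself.
    # Read access granted through a group the DC belongs to also counts.
    (Get-Acl -Path "AD:\$dn").Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ($_.ActiveDirectoryRights -band $read) -eq $read } |
        Select-Object @{ n = 'Container'; e = { $cn } },
                      IdentityReference,
                      ActiveDirectoryRights,
                      @{ n = 'IsThisDC'; e = { $_.IdentityReference.Value -like "*\$dcSam" } } |
        Format-Table -AutoSize | Out-Host

    if ($cn -eq 'Enrollment Services') {
        # Steps 1 and 8: is there a pKIEnrollmentService object in the container?
        $svc = @(Get-ADObject -SearchBase $dn -SearchScope OneLevel `
                     -LDAPFilter '(objectClass=pKIEnrollmentService)' `
                     -Properties dNSHostName, certificateTemplates)
        if ($svc.Count -eq 0) {
            Write-Warning 'No pKIEnrollmentService object found; see the restore steps.'
        } else {
            $svc | Select-Object Name, dNSHostName,
                       @{ n = 'PublishedTemplates'; e = { $_.certificateTemplates.Count } } |
                   Format-List | Out-Host
        }
    }
}
```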

Good Luck
