Access denied. 0x80090010 Enroll cert of Windows hello for Business with on-prem PKI CA Server
We have created Certficate Template from on-prem CA Server ( Windows server 2019 ) using this link : https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/rdp-sign-in?tabs=intune However We can not Enroll Certificate Windows Hello for Business Certificate from User's Desktop ( Windows 11 ) and every time error occurred or Access Denied ( Certificate enrollment for Domain\UserName failed to enroll for a WHfBCertificateAuthentication certificate with request ID N/A from -ERCA.Domain.local\Domain-ERCA-CA-1 (Access denied. 0x80090010 (-2146893808 NTE_PERM)) We have also given Read and Enroll permission to EveryOne and Autheticated Users from CA Certficiate template , but still same erro Please advise if anything more can be done to resolve this issue.
PKI Root CA with two different domains
Hi, We currently have a PKI config. of 1 rootCA (offline) and two subordinate CAs within our staff domain (ie staff.domain.com) We also have another domain that currently does not have PKI infrastructure, lets call this public.domain.com Since the root CA is not domain joined and its offline, can I configure this in a way where the rootCA also signs the certificates for subordinate CAs in the public.domain.com, there is no trust between both domains and they are not in a forest. So one root CA and two different domains. thank you!
