Enterprise PKI Error - CDP & AIA locations "unable to download"


Hi,

I have migrated a 2-tier PKI from a Windows Server 2003 x86 to a Windows Server 2008 R2 environment. The migration went fine without big problems, minor issues only. Both CAs are online.

When the migration W2003 -> W2008R2 was made, the AD DS schema was not upgraded, because we didn't install web enrollment services. The schema was upgraded 2 weeks ago (migration made in Feb 2011), after web enrollment service installed.

Everything had been working until the web enrollment service was installed. At the moment the situation is that the root CA has 2 AIA locations, 2 HTTP locations, and I am able to download the CRL and CRT files via IE or Windows Explorer. Enterprise PKI shows the error message "unable to download".

The SubCA has problems with HTTP locations also. When I copy the link and open it in IE, the CRL and CRT files open correctly. Enterprise PKI shows the same error as on the root CA. I haven't made changes to the root CA. The changes that have been made (except security fixes) regarding AD Certificate Services have been the web enrollment service installation on the SubCA.

And I checked this morning that allowDoubleEscaping is true.


Here are the locations listed:

rootca

aia location #1 unable download  http://xxxxx01/certenroll/xxxxx01_company%20root%20ca.crt
aia location #2 unable download  file://\\xxxxx01\certenroll\xxxxxx01_company root ca.crt
cdp location #1 unable download  http://xxxxx01/certenroll/company%20root%20ca.crl
cdp location #2 unable download  file://\\xxxxx01\certenroll\company root ca.crl

subca

aia location #1 ok ldap:///cn=company%20issuing%20subca,cn=aia,cn=public%20key%20services,cn=services,cn=configuration,dc=company,dc=com?cacertificate?base?objectclass=certificationauthority


aia location #2 unable download  http://xxxxx02.company.com/certenroll/xxxxx02.company.com_company%20issuing%20subca.crt


cdp location #1 expiring ldap:///cn=company%20issuing%20subca,cn=xxxxx02,cn=cdp,cn=public%20key%20services,cn=services,cn=configuration,dc=company,dc=com?certificaterevocationlist?base?objectclass=crldistributionpoint


deltacrl location #1 ok ldap:///cn=company%20issuing%20subca,cn=xxxxx02,cn=cdp,cn=public%20key%20services,cn=services,cn=configuration,dc=company,dc=com?deltarevocationlist?base?objectclass=crldistributionpoint


deltacrl location #2 unable download  http://xxxxx02.company.com/certenroll/company%20issuing%20subca+.crl


cdp location #2 unable download  http://xxxxx02.company.com/certenroll/company%20issuing%20subca.crl


Does anyone have a solution to this error? I would appreciate it.

I tested pkiview on a member server with W2003 OS, and it is working properly.

Then I restarted the RootCA and SubCA, and after the restart the Enterprise PKI view is able to download information from the CDP & AIA locations.

Summary:

IIS authentication changes, iisreset & reboot solved the problem.

Thanks for the help!

-sami


