Hi everyone:
I have two tier-PKI with server-1 as sub-ordinate enterprise/issuing CA. I have installed 'Certificte Authority Web Enrollment' on Server-2. when I open Server-2.domain.com/certsrv and go to ''Download a CA certificate, certificate chain or CRL' it returns 'Error: An unexpected error has occurred: The Certification Authority Service has not been started.' However it works fine from https://localhost/certsrv on server-2.
My problem is same as in the following thread and I have tried the solution advised but it hasn't worked for me:
https://social.technet.microsoft.com/Forums/en-US/4c7f41a5-21b0-470d-8c78-0fc237eb1da0/web-enrollemet-page-giving-error-quot-an-unexpected-error-has-occurred-the-certification?forum=winserversecurity
I have tried the following but nothing has changed:
https://support.microsoft.com/en-gb/help/300867/error-message-the-certification-authority-service-has-not-been-started
https://blogs.technet.microsoft.com/askds/2009/04/22/how-to-configure-the-windows-server-2008-ca-web-enrollment-proxy/
Please advise if I am missing something. Many thanks