Recently while doing a Lync 2013 deployment for a client, I ran into this issue while attempting to generate certificates on the client CA. The error, “Denied by Policy Module 0x80094800” suggests that the template for the request is not supported, however generally the actual issue is permissions on the published template.
If, like me, you do not have time to troubleshoot a customer’s PKI infrastructure, you can simply use certreq to force the certificate request to the CA.
From an elevated command prompt, type:
certreq -submit -attrib cerficiatetemplate:webserver -config YOURCA -f certreq.csr cert.cer
This string will submit your locally saved certificate request file to the CA server using the webserver template, then save the final certificate in your specified location. Now you can install the certificate, move on with your install, and leave the PKI Template troubleshooting for another day…maybe?
Josef Hanning, PEI
