Symptoms
After successful Veridium authentication, Credential Provider is showing error message "Unable to obtain certificate for login."
Note: this error may have different root causes, this is only one of these. Check following text to find the correct one based on detailed log.
There is a following event registered on the Client machine:
Event Source: Veridium-BopsCP
EventID: 50201
Severity: Information
Event body:
{
"Module": "RESTApi",
"Method": "GetRACertificate",
"UserName":"DEV\milos",
"Messages":{},
"URL":"https://dev-dc2.dev.local/RaWebApp/api/BopsCertificate",
"InputJSON":{"bopsShortLiveTok.....":..."","bopsToken":"...","bopsUpn":""},
"OutputJSON":{"FasUserHandler":nu..."Issu...":null,"IssuedCertificatePassword":null,"error":{"Hresult":-2147467259,"UUID":"0f1fb518-9455-45a0-9b72-e6a4eb65d7e1","errorCode":50101,"errorDescription":"RA Error: Error enrolling certificate"}},
"Return":{
"ReturnCode":50101, "Description": "RA Error: Error enrolling certificate"
},"ActivityStartTime": "",
"ActivityEndTime" : "",
"Duration" : 8317,
"Version" : "3.1.0.0"
}
and
Event Source: Veridium-BopsCP
EventID: 0
Severity: Error
RA Error: Error enrolling certificate
Root cause and Resolution
Final root cause and resolution is based on event log entry on VeridiumRA. See following detailed events and its resolution:
on Veridium RA server, there is a following event:
-
Event Source: VeridiumRA
-
EventID: 300
-
Severity: Error
Based on following table, continue on corresponding root cause and resolution:
|
Symptom:
|
Root cause |
Resolution |
|---|---|---|
|
CCertRequest::Submit: The RPC server is unavailable |
Certification authority is not reachable.
|
Check if CA is started and available. |
|
Signer certificate not found |
Enrollment agent certificate not found.
|
Select Certificate Template for Enrollment Agent certificate and select Certification Authority.
|
|
GetCertificate - Exception:System.Exception: Access Denied enrolling for certificate |
Problem with access rights to Certification Authority and certificate enrollment: |
Check following:
|