PKI setup fails during Parallels Mac Management installation (CA is installed on Windows Server 2012)

0 users found this article helpful

Symptoms

Unable to configure Parallels Mac Management Proxy.

You get one of the following error messages:

alttext
alttext

Cause

Invalid provider type specified for certificate template.

Certificate templates for Parallels Configuration Manager proxy and Mac computers are not configured or are configured improperly.

Resolution

Please re-generate certificate template for Parallels Configuration Manager Proxy and Mac Computers using steps below:

Creating a Certificate Template for Parallels Configuration Manager Proxy

  1. In Windows, click Start > Administrative Tools > Certification Authority

  2. Expand the tree of your Certification Authority.

  3. Right-click Certificate Templates and click Manage. The Certificate Template Console opens.

  4. In the template list, locate Web Server, right-click it and then click Duplicate Template. The Properties of New Template dialog opens.

  5. On the Compatibility tab page, select Windows Server 2008 as Certification Authority and Windows 7 / Server 2008 R2 as Certificate recipient.

  6. On the General tab page, specify a template name.

  7. On the Cryptography tab page, set Minimum key size to 2048. In the Providers pane chose Microsoft RSA SChannel Cryptographic Provider and Microsoft DH SChannel Cryptographic Provider, in Algorithm name field chose value Determined by CSP

  8. On the Request Handling tab page, select the Allow private key to be exported option.

  9. On the Subject Name tab page, select the Supply in the request option and the Use subject information from existing certificates for autoenrollment renewal requests option.

  10. On the Extension tab page, double-click the Application Policies extension, then click Add and select Client Authentication from the list. Click OK and then OK again. The Client Authentication description should appear in the Description of Application Policies list.

  11. On the Security tab page, add the server that hosts Parallels Configuration Manager Proxy and the user account under which the Proxy is running. Grant them Enroll and Autoenroll permissions. Please note that if the Proxy is running under the LocalSystem account, then you only need to add the computer name.

  12. Click OK to close the Properties of New Template dialog.

  13. Close the Certificate Template Console.

  14. Back in the Certification Authority window, right-click Certificate Templates again and choose New > Certificate Template to Issue.

  15. Select the template that you created in the previous steps and click OK to enable it.

Creating a Certificate Template for Mac Computers

  1. In Windows, click Start > Administrative Tools > Certification Authority.

  2. Expand the CA tree, right-click Certificate Templates and click Manage.

  3. The Certificate Template Console opens.

  4. In the template list, locate Workstation Authentication, right-click it and then click Duplicate Template in the context menu.
  5. On the Compatibility tab page, select Windows Server 2008 as Certification Authority and Windows 7 / Server 2008 R2 as Certificate recipient.
  6. On the General page, specify a template name.

  7. On the Cryptography tab page, set Minimum key size to 2048. In the Providers pane chose Microsoft RSA SChannel Cryptographic Provider, in Algorithm name field chose value Determined by CSP

  8. On the Request Handling tab page, select the Allow private key to be exported option.

  9. On the Subject Name tab page, select the Supply in the request option. The Certificate Templates message box will pop. Click OK to close it.

  10. On the Subject Name tab page, select Use subject information from existing certificates for autoenrollment renewal requests option.

  11. On the Extension tab page, make sure that Client Authentication is displayed in the Description of Application Policies list. If it's not, add it.

  12. On the Security tab page, add the server that hosts Parallels Configuration Manager Proxy and the user account under which the Proxy is running. Grant them Enroll and Autoenroll permissions. If the Proxy is running under the LocalSystem account, then you only need to add the computer name.

  13. Click OK to close the Properties of New Template dialog.

  14. Close the Certificate Templates Console.

  15. In the Certification Authority window, right-click Certificate Templates and click New > Certificate Templates to Issue.

  16. In the Enable Certificate Templates dialog, select the template that created in the previous steps and click OK to enable it.

After this re-configure Parallels Configuration Manager Proxy using created certificate templates.

Was this article helpful?

Tell us how we can improve it.