In this blog, I’ll show you what might be causing the message “Certificate types are not available” when you request a certificate through your local Microsoft Server CA (ADCS). If you run into an error when requesting a new certificate, you want to fix it as soon as possible.
One problem I have experienced many times myself is that when you try to request a certificate you get the message “Certificate types are not available”. The cause of this can have several reasons such as: No permissions, Expired certificates and more.
When you check the “Show all templates” box the certificate templates will appear with the status “Unavailable”. You will also notice an error message
Possible Solutions
I will try to add more issues and solutions over time. Please let me know if you have encountered an error and have a solution for that issue.
Error: This type of certificate can be issues only to a computer/user
Cause
These errors are probably caused by openening the certificates snap-in with the wrong account. Try to reopen with the correct account.
Error: You don’t have permission to request this type of certificate
Cause
You don’t have the permissions to enroll the certificate. On the CA server Rightclick Certificate Templates and select “manage” to open the “Certificate Tempales Console”. Select the properties of the template and select “Security”. Select the Enroll allow box.
Error: A valid certification authorithy (CA) cannot be located
Cause
This can have multiple causes. When this error occurs with a new certificate server check if the root certificate of the PKI has been installed on the computer where you try to request a certificate. The certificate should be in the “Trusted Root Certificates Authorities” store of the local computer.
I hope this post is helpfull. Please let me know if you have tips or additions to this list.
So i have a question. I recently moved my CA fro a 2012 R2 server, to 2022 server. I did the backup the old, and restore it to the new method, and all seemed fine. Thn i went to edit cert templates, and even all that seems to work. However in Cert Auth MMC, when i right click templates, and say cert template to issue, the copy i just created and edited does not show up in the list of available templates, so i cant use it. I checked that both my DC’s have the template, so it seems replication is fine. Any ideas?
Hi Chris,
You should start by checking if the health of your PKI is ok. You can use PKIview.msc to do this. for more info check this post on Microsot Tech Community.
regards, Aad