In order to create a new OU for ActivID CMS HIDS Smart Card software to look for new user accounts, you need to take several steps.

Validate the current domain and CA connectivity;

Create the User Group

Create the Assignment and Device Policy (the device policy is where the certificate template settings from your CA are set)

Be careful here.  This is where I screwed up.  While I mirrored a working group, when i went back and checked the ‘VIEW’ I saw that they were different.  I was getting a fail after 90% card creation only for one user, in the new OU, with codes like;

The device issuance failed.

Synch Error: Security module synchronization failed. An internal provider error has occurred

in provider Microsoft, context -------------------CA.

Externaloperation error. : providerContextID=null (0x0000000C) MSPKI_DENIED_REQUEST :

Denied by Policy Module

and permission errors on the CA like 0x80094012


Leave Your Comment

Your email address will not be published. Required fields are marked *

twelve + one =