Skip to content

Webinar: Turning Crypto Inventory into a Strategic Advantage for the Quantum Era

Register Now
  1. Blogs
    2. PKI

Common PKI Setup Issues: Grayed Out Enterprise CA Button 

Posted byRiley Dickens 06 Minutes
Common PKI Setup Issues_ Grayed Out Enterprise CA Button
Table Of Contents

Introduction

We have discussed common PKI setup issues in the past, and today we tackle a more common one that you may see. When going through the server manager and following the steps to create an Enterprise CA, you will come across an option to select the type of CA you are attempting to setup. In some cases, the Enterprise CA option may be grayed out, even though it seems like you have everything in place. The steps below will walk you through remediating this issue.   

Error Handling

error guide

While setting up an Issuing CA, if the Enterprise CA option is unclickable, it could be because the credentials of user you are trying to setup the CA with doesn’t have enough permissions to complete this task. The user must have the Enterprise Admin role enabled to continue setup. To fix this issue, follow the below steps: 

  • First navigate to sysdm.cpl from run to verify if your machine is domain joined.
    • navigate to sysdm.cp
  • If your machine is domain joined it should show domain here, if not join your machine to domain.
    • machine is being domain joined
  • Navigate to your Active Directory Users and to Enterprise Admins to verify if the account you’re using is listed or not.
    • Active Directory Users
    Active Directory Users
  • Create a new user in enterprise admin role to login with that for ADCS. Right Click on User ->New->User.
    • Create a new user
  • Provide user details and create a password.
    • Create a password
  • Click on finish to complete adding the Enterprise Admin. Please note your user logon name.
    • adding the Enterprise Admin
  • Right Click on user you created and navigate to properties.
    • Navigate to properties
  • Navigate to Member Of and click on Add.
    • Navigate to Member Of
  • In the “Enter the object names to select” box, add Domain Admins and Enterprise Admins. Click on check names every time you add a name.
    • add Domain Admins and Enterprise Admins
  • Once done click on Apply to finish.
    • Apply to finish
  • In the ADCS configuration window, on Credentials page click on Change to change the credentials.
    • change the credentials
  • Provide the username and password of the account you created.
    • Provide the username and password
  • You should be able to see the Enterprise CA option available after this. Follow the setup steps after this to complete your ADCS configuration.
    • Enterprise CA option enabled

Conclusion 

This may be a common issue, but the process to fix it can be a bit more lengthy than past errors we have discussed. Sometimes, finding the reasoning behind why an error is occurring can be more complicated than actually fixing the error. At Encryption Consulting, we work with your organization to plan, implement, and troubleshoot any PKI setup you may want to do. To learn more about how we can help your organization, please reach out to [email protected] or www.encryptionconsulting.com

Discover Our

Related Blogs

HTTPS Error

Common PKI Setup Issues: Web Enrollment HTTPS Error 401.2

August 21, 2025
ERROR_ACCESS_DENIED

Common PKI Setup Issues: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)

August 20, 2025
PKIaaS Role

Role of PKIaaS in Device Certificates

July 23, 2025

Explore

More Topics