Sunday, 25 May 2014

2008R2 ADCSCAWE: Fixing ‘Error “DEFAULT WEB SITE/CERTSRV” ... default document is not configured...’


We have a Windows Server 2008R2 SP1 Enterprise Member server, with just the role: role service -

Active Directory Certificate Services: Certification Authority

Image: AD CS with Certification Authority Role Service Only
We install -

Active Directory Certificate Services: Certification Authority Web Enrollment

- using the ‘Add Role Services’ wizard and default selections, to install the ‘Web Server (IIS)’ role and required services.

Image: Add Role Services
In ‘Internet Information Services (IIS) Manager’ we see the web application ‘CertSrv’ and virtual directories - ‘CertEnroll’ and ‘en-US’.

Image: IIS Manager showing CertSrv and Folders
But when we go to http://localhost/certsrv we encounter the error:

Server Error Application “DEFAULT WEB SITE/CERTSRV”
HTTP Error 403.14 - Forbidden
Most likely causes: A default document is not configured...


The fix came from a comment by Rexif in this Microsoft Technet Forum Question - thanks Rexif (or should I say Fixer...) Essentially - for some reason - the install has put the code in the wrong directory!

1) Stop the Default Web Site
2) Copy all the contents from C:\Windows\system32\CertSrv\en-US and paste in C:\Windows\system32\CertSrv
3) Open the file ‘default.asp’ from C:\Windows\system32\CertSrv in Notepad and edit the line that includes -

#include FILE="..\"

- to be:

#include FILE=""

Image: Edited CertSrv default.asp file
4) Start the Default Web Site

Internet Explorer Settings for AD CS CA Web Enrollment

We can now connect to http://localhost/certsrv

Image: IE10 Web Browser not Supporting Generation of Certificate Requests
If you’re using Internet Explorer 10, you might get the error:

This Web browser does not support the generation of certificate requests.

If so then, from the Tools menu, click on ‘F12 developer tools’.
From the ‘Developer Tools’ panel at the bottom of IE10, click on Browser Mode and Internet Explorer 10 Compatibility View:

Image: IE10 Developer Tools with IE10 Compatibility View Selected
Now the AD CS CA Web Enrollment site works!

THE END ... not quite!

The above gets http://localhost/certsrv working (it uses the default.asp which we’ve edited), unfortunately, to get the whole site to work, every ASP file has got to be edited similarly. Sort the contents of C:\Windows\System32\CertSrv by type, and make the change to the FILE path for in each file.

Image: ASP Files in CertSrv Folder


  1. you missed a few files

    also need to be edited, or you will have issues downloading the certificate.

  2. Different codebases must be maintained.In instance of web application, clients consistently get the most recent rendition. 토토사이트

  3. We cater to all levels of site development from small business sites to large e-commerce websites. web development agency in usa

  4. I have been exploring for a little for any high quality articles or blog posts in this kind of area . Exploring in Yahoo I ultimately stumbled upon this web site. Reading this information So i¡¦m glad to show that I have an incredibly good uncanny feeling I came upon exactly what I needed. I such a lot indubitably will make certain to don¡¦t forget this web site and give it a look a relentless basis. website design san francisco

  5. Hey man, .This was an excellent page for such a hard subject to talk about. I look forward to reading many more great posts like these. Thanks web design company san francisco

  6. baby books should have as many pictures as possible because babies like to see pictures., website design la

  7. Conceded that on the off chance that you don't have that space, you may need to extemporize yet interestingly, you have some space to yourself that is agreeable, commonsense and adequate to permit you to mastermind your books, diaries and notes without them being shrouded in espresso recolors or utilized for drawing paper.Professional graphic design

  8. I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post. photographe publicitaire