ICertificateEnrollmentServerSetup::InitializeInstallDefaults method

The InitializeInstallDefaults method initializes the ICertificateEnrollmentServerSetup object with a default configuration.

Syntax


HRESULT InitializeInstallDefaults();

Parameters

This method has no parameters.

Return value

Return codeDescription
E_ACCESSDENIED

A user must be an administrator of the domain root or the enterprise. A computer must be joined to the domain.

If the user is not a domain root or enterprise administrator, the ErrorString property is set to:

"You must be a member of the Enterprise Admins group to run Setup."

If the computer is not joined to the domain, the ErrorString property is set to:

"The Certificate Enrollment Web Service or Certificate Enrollment Policy Web Service cannot be installed on a computer that is not a member of a domain."

HRESULT_FROM_WIN32(ERROR_INVALID_STATE)

The ICertificateEnrollmentServerSetup object has already been initialized. The ErrorString property is set to:

"The setup object has already been initialized. This object cannot be initialized more than once."

 

Remarks

This method performs the following actions:

  • Determines whether the ICertificateEnrollmentServerSetup object has already been initialized.

    Note  If this check fails, the method sets the ErrorString property to "The setup object has already been initialized. This object cannot be initialized more than once."
     
  • Determines whether the user is an administrator of the domain root or the enterprise.

    Note  If this check fails, the method sets the ErrorString property to "You must be a member of the Enterprise Admins group to run Setup."
     
  • Determines whether the computer is joined to the domain.

    Note  If this check fails, the method sets the ErrorString property to "The Certificate Enrollment Web Service or Certificate Enrollment Policy Web Service cannot be installed on a computer that is not a member of a domain."
     
  • Sets the default authentication procedure to Kerberos. You can call SetProperty to change the authentication method.
  • Determines whether CES is installed on a computer running Windows Server 2008 R2.

    Note  If this check fails, the method sets the ErrorString property to "The Certificate Enrollment Web Service or Certificate Enrollment Policy Web Service must be installed on a member server in an Active Directory forest in which the Windows Server 2008 R2 version of ADPrep /forestprep has been successfully run."
     
  • Sets the default server context to the ApplicationPoolIdentity built-in account.
  • Sets the ENUM_CESSETUPPROP_RENEWALONLY property to FALSE.
  • Sets the ENUM_CESSETUPPROP_URL property is to "https://computerDNSname/SanitizedCAShortName_CES_Kerberos/service.svc/ces" if a valid certification authority (CA) configuration exists. If a valid configuration does not exist, the ENUM_CESSETUPPROP_URL property is not set. The SanitizedCAShortName is the sanitized short name of the CA. For more information about sanitized names, see GetConfig.

    Note  If the certification authority is a standalone CA, the ErrorString property is set to "The Certificate Enrollment Web Service cannot be used with a standalone certification authority (CA). It can only be used with an enterprise CA."
     

You must call the InitializeInstallDefaults method before calling any method other than UnInstall. Call the Install method to install the configured service. Call UnInstall on a new ICertificateEnrollmentServerSetup object to remove the service.

Requirements

Minimum supported client

Windows 7 [desktop apps only]

Minimum supported server

Windows Server 2008 R2 [desktop apps only]

Header

Casetup.h

IDL

Casetup.idl

DLL

Certocm.dll

IID

IID_ICertificateEnrollmentServerSetup is defined as 70027FDB-9DD9-4921-8944-B35CB31BD2EC

See also

CESSetupProperty
ICertificateEnrollmentServerSetup

 

 

Show: