Date: 02/11/06 (C Sharp)    Keywords: asp, security, web

It's probably not the best group to ask but in case someone has faced this problem, I will :)

I am trying to build a asp.net 2.0 web service that will request and
get certificates from three different MS CA services. The whole thing
is done with CERTCLIENTLib.CCertRequestClass and works fine as long as
the web service is located on the same machine with the CA.

My need is to make it call other CA's when I do my
CCertRequestClass.Submit().

As many of you probably guessed, I am getting this while error:

CCertRequest::Submit Access is denied. 0x80070005 (WIN32: 5)

Oh well, I tried to play with target CA security settings and DCOM
settings and turned audit for anything I could and did read everything
I could find on this error message. Nothing really helped.

It seems like the CA machine is just not letting the call to reach the
machine's DCOM. I could get this message in security event log:

Event Type:     Failure Audit
Event Source:   Security
Event Category: Logon/Logoff
Event ID:       529
Date:           10.02.2006
Time:           19:38:02
User:           NT AUTHORITY\SYSTEM
Computer:       **********
Description:
Logon Failure:
        Reason:         Unknown user name or bad password
        User Name:      ************
        Domain:         *********
        Logon Type:     3
        Logon Process:  NtLmSsp
        Authentication Package: NTLM
        Workstation Name:       **************
        Caller User Name:       -
        Caller Domain:  -
        Caller Logon ID:        -
        Caller Process ID:      -
        Transited Services:     -
        Source Network Address: ***.**.***.**
        Source Port:    3766

-------------------------------------

The machines are not on the same domain - it's one of the requirements
to the whole thing.

Can someone suggest an approach or something to get it all to work or
shall I just forget about the idea?

Source: http://community.livejournal.com/csharp/49813.html