When you add Enterprise Certification Authority (CA) functionality to a Windows 2000 Server in a Windows Server 2003 domain, the Windows 2000 CA cannot publish certificates to the Active Directory.

The Application Event log records the following:

Event Type: Warning
Event Source: CertSvc
Event Category: None
Event ID: 80
Date: MM/DD/YYYY
Time: HH:MM:SS
User: N/A
Computer: <ComputerName>
Description: Certificate Services could not publish a Certificate for request nnnnnn to the following location on server <ComputerName.jsiinc.com>: CN=xxxx,OU=Users,DC=ComputerName,DC=jsiinc,DC=com. The administrative limit for this request was exceeded. 0x80072024 (WIN32: 8228). ldap: 0xb: 00002024: SvcErr: DSID-02050ABE, problem 5008 (ADMIN_LIMIT_EXCEEDED), data -1026

For more information, see Help and Support Center at http://www.microsoft.com/contentredirect.asp.

This problem occurs because the Windows 2000 Enterprise CA is NOT automatically added to the Cert Publishers group in the Windows Server 2003 domain.

To resolve the problem, add the computer account to the Cert Publishers group in the root domain of the forest:

1. Open the Active Directory Users and Computers snap-in.

2. Double-click the domain name in the left-hand pane.

3. Double-click the Users container.

4. Double-click the Cert Publishers group in the right-hand pane.

5. Select the Members tab and press the Add button.

6. Type the name of the Windows 2000 CA or use the Advanced button to locate it it.

7. Press Apply and OK.