Problem: When adding or revoking certificates we were getting the following error:
0x80094009 – The operation is denied. It can only be performed by a certificate manager that is allowed to manage certificates for the current requester.
Even though I was a domain AND enterprise admin!!!???? Panic!
Also, our CA had been migrated and updated from Windows 2003, so there was some concern about the upgrade and its process and, of course, the testing done after.
After the CA was migrated we HAD tested the CA process, so we confirmed this was working previously.
Somewhere, somehow the CA now has corrupted ACLs or something like that.
1) Right-click the CA name > Properties
2) Certificate Managers tab
3) Tick ‘Do not restrict certificate managers’
4) Try your addition or deletion (just to check it works)
5) Go back and undo step 3 (i.e. tick to re-restrict certificate managers)
6) You should now be able to add and delete certificate requests etc. as expected as a domain or enterprise admin