MZ@ !L!This program cannot be run in DOS mode. $Rؕ3}3}3}H̴3}H̱3}Rich3}PEL!  ,@1p@+.rsrc0,@@8Px($@Xp0H`x !9: ;8<P=h>?@pqrst(u@vXwp     ( 8 H X h x           ( 8 H X h x           ( 8 H X h x hX#$%Bh,6 7` E00G:lJ& T [ dV m4t |}|(t~H<(d@̶pP"&$(*T \( @mP*MUIIDR_CEP_WEBCONFIGIDR_CES_WEBCONFIG][S:P5nUokkfY MUIen-US@0MS Shell DlgPmsctls_progress32P!Please wait for this operation to finish.PAȀlOpen PFX FileMS Shell DlgPSelect the PKCS #12 file you want to import and enter the password below to access this file.P &File name:P#P#2&Browse...P7 &Password:P@PVW2OKPW2CancelȀ !CA Certificate RequestMS Shell DlgPSelect an online CA to send the requestP6Computer &Name:PAP&#&Parent CA:!PA&P2Br&owse...P@*replaced by IDS_REQUEST_HELPTEXT 2 3 4Pv2OKPv2CancelPKCS #7 (*.p7b)|*.p7b|X.509 Certificate (*.cer;*.crt)|*.cer;*.crt|Personal Information Exchange (*.p12, *.pfx)|*.pfx|All Files (*.*)|*.*||'Select file to complete CA installationUnknown provider namenCannot find the certificate for %1 to build a certificate chain. Do you wish to install this certificate now?OCannot verify certificate chain. Do you wish to ignore the error and continue?>An error occurred retrieving the pending certificate from %1: Get Server CA Name Select CASave certificate and KeysRetrieve CertificateFinish Suspended Setup(The certificate is not a CA certificate.Setup completeRetrieve Pending Certificate Key IndexLoad Old CertificateClone Root Certificate Build RequestPARenew CA -- reuse keysInstall CA CertificateRenew CA -- new keysBuild CA CertificateSave Chain and KeysqIf you want to send the request to an offline CA, click Cancel and send the request file at %1 to your parent CA.Create DS CDP object$Create DS enrollment services objectCreate DS Root TrustPublish CA in DSSubmit RequestAn error occurred when creating the new key container "%1". Please make sure the CSP is installed correctly or select another CSP. :The Certification Authority certificate has a bad length: The new Certification Authority certificate cannot be installed because the CA Version extension is incorrect. The most recently generated request file should be used to obtain the new certificate: %1|The root certificate is untrusted. Do you wish to trust the root certificate on this machine and complete the installation?MCannot add the Certification Authority certificate to the certificate store: PASCannot create a certificate context using the Certification Authority certificate: Unreferenced INF sections Set SecurityCannot create file %1: lThe existing private key "%1" cannot be deleted. Either reuse this key, or use a different name for the CA. Cannot encode key attributes: Cannot encode certificate: 2The %SystemRoot% environment variable is not set. This key storage device is full and the new key "%1" could not be added. Go back and pick an existing key, or use a different key storage device. An error occurred when generating key "%1" for the Active Directory Certificate Services service. Either the CSP configuration is not complete or the key length is not supported. Please make sure the CSP is installed correctly or select another CSP. $Cannot determine the computer name: An error occurred when setting the security access on the private key "%1", or the CSP selected does not support setting security access on private keys. Please make sure the CSP is installed correctly or select another CSP. 8Cannot decode Certification Authority name information: The parent CA has denied your request because you are not a domain administrator. (%1) To obtain the certificate for your CA, you must request the certificate as a domain administrator. You can install the certificate using the Certification Authority snap-in.KThe new certificate subject Common Name does not match the active CA name: Generate KeysPAAn error was detected while configuring Active Directory Certificate Services. The Active Directory Certificate Services Setup Wizard will need to be rerun to complete the configuration. lThe parent CA has denied your request for a CA certificate. Please contact the parent CA administrator. (%1)|An error occurred when the parent CA processed this CA certificate request. Please contact the parent CA administrator. (%1)^This CA certificate request did not complete. Please contact the parent CA administrator. (%1)eThis CA certificate will be issued administratively. Please contact the parent CA administrator. (%1)eThis CA certificate request is in the pending state. Please contact the parent CA administrator. (%1)bThis CA certificate was revoked by the parent CA. Please contact the parent CA administrator. (%1)ECannot set the key provider information for the certificate context: Cannot submit the certificate request to the specified CA. Please ensure that the CA information is correct and that the CA is online. Note: only CAs running the Microsoft Active Directory Certificate Services are supported. Cannot submit the certificate request to the specified CA. (%1) To obtain the certificate for your CA, you can install the certificate using the Certification Authority snap-in.The new certificate subject name does not exactly match the active CA name. Renew with a new key to allow minor subject name changes: The new certificate public key does not match the current outstanding request. The wrong request may have been used to generate the new certificate: Find certificate for %1CCannot write the Certification Authority certificate to file "%1": Cannot write to file %1: INF file errorSet Key Security Parent CA = Request ID = /Microsoft Active Directory Certificate ServicesSet Directory SecurityAn error occurred when creating the new key container "%1". You do not have write access permission to the key container. Please use a different CA name. *Certificate Server Hierarchy Configuration Process Certificate Request File@Windows NT 4.0 Option Pack\Microsoft Certificate Server (Common)(Generate New Certificate Revocation ListKey length must be a number."Key length is out of the range %1.%Key length cannot be negative number.]Select a cryptographic service provider (CSP), hash algorithm, and settings for the key pair.Public and Private Key PairPA6The parent CA name must be no more than 64 characters.Select a parent CA name.Request the certificate for this CA by sending the request directly to a parent CA or saving the request to a file and sending this file to the CACA Certificate RequestNThe most trusted CA in an enterprise. Should be installed before any other CA.A standard CA that can issue certificates to users and computers in the enterprise. Must obtain a CA certificate from another CA in the enterprise.&The most trusted CA in a CA hierarchy.oA standard CA that can issue certificates to users and computers. Must obtain a CA certificate from another CA.)Select the type of CA you want to set up.CA TypeCreates, manages, and removes X.509 certificates for applications such as S/MIME and SSL. If this service is stopped, certificates will not be created. If this service is disabled, any services that explicitly depend on it will fail to start.%Active Directory Certificate Services3Active Directory Certificate Services configurationeWindows did not find a CA on this computer. Change the computer name, or click Browse to select a CA.,Enter a computer name that has a running CA.You can use the Active Directory Certificate Services Client software to host the certificate enrollment Web pages on a separate Web server.PA:Active Directory Certificate Services Client Configuration7The computer name must be no longer than 64 characters.=Enter the name of the computer that is running the parent CA.Select a CA for this clientSelect Certification AuthorityAAn error occurred when creating the service log in the registry: bSetup was unable to retrieve the required information about the CA from the existing certificate: OActive Directory Certificate Services Setup failed in building CA certificate. "Cannot build certificate request: :Active Directory Certificate Services Installation failed.MActive Directory Certificate Services setup failed with the following error: OAn error occurred when creating the server configuration files in folder "%1": 3An error occurred when creating program link "%1": BCannot Change Active Directory Certificate Services configuration.:Cannot delete Active Directory Certificate Services "%1": lAn error occurred when registering or unregistering Active Directory Certificate Services related dll "%1": zThe certification authority name contains characters that are not valid. Specify a different certification authority name.Enter the name of a PFX file.RAn error occurred when generating keys for Active Directory Certificate Services: /An error occurred when importing the PFX file: The selected hash algorithm "%1" failed the signature test. Return to the Advanced options and select a different hash algorithm.RCould not load the Active Directory Certificate Services configuration interface: %Could not determine Networking role: 1You must be a member of the Administrators group.pThe selected hash algorithm is not supported by Active Directory Certificate Services. Select another algorithm.An error occurred during the creation of the configuration files. Make sure the shared folder exists and has the necessary permissions.OA certification authority with the same name was found in the Active Directory.AThe description must be no longer than 1024 characters in length./The country/region code must be two characters.Determined by parent CABThe email address must be no longer than 128 characters in length.7The country/region field must be alphabetic characters.:The country/region field must be two characters in length.;The validity duration must be between 1 day and 1000 years.4The city name must be no longer than 128 characters.1The CA name must be no longer than 64 characters.Enter the CA name.;The organization name must be no longer than 64 characters.;The organization unit must be no longer than 64 characters.AThe state or province name must be no longer than 128 characters.&Enter information to identify this CA.CA Identifying InformationEnter a validity period.$Import Personal Information ExchangedThe Active Directory Certificate Services installation is incomplete. To complete the installation, use the request file "%1" to obtain a certificate from the parent CA. Then, use the Certification Authority snap-in to install the certificate. To complete this procedure, right-click the node with the name of the CA, and then click Install CA Certificate.Generating cryptographic key...PASecuring cryptographic key...eActive Directory Certificate Services is generating the cryptographic key and setting key protection.(Validating key set and hash algorithm...Cryptographic Key GenerationSThe key "%1" is either corrupted or cannot be used for signing. Select another key.Setup needs to create the file "%1" that is derived from the CA name. The file path exceeds the maximum length. Use a shorter CA name.NPersonal Information Exchange (*.p12, *.pfx)|*.p12;*.pfx|All Files (*.*)|*.*||The file "%1" does not exist.The password is not valid.LThe key and certificate from the import file already exist on this computer.The file path "%1" is invalid.GThe name of the request file must be less than 64 characters in length."Enter a name for the request file.?The immediate parent folder of the lowest subfolder must exist.CThe directory path %ws exceeds the maximum length of %u characters.PA0"%1" does not exist. Enter an existing UNC path.ZEnter locations for the certificate database, database log, and configuration information.Certificate Database Settings%Active Directory Certificate ServicesDaysMonthsWeeksYearsvCannot access the database file "%1" because it is being used by another process. You must specify a different folder.$The private key "%1" already exists.REnter a complete path to the certificate database folder. "%1" is not a full path.Setup needs to overwrite existing database files in the "%1" folder. It is recommended that you shutdown the applications that are using files in this folder.VEnter a complete path to the certificate database log folder. "%1" is not a full path.DEnter a complete path to the shared folder. "%1" is not a full path.The CA information contains characters that require extended name encoding in the certificate. Certificates containing this name encoding conform to accepted standards, but may be incompatible with non-compliant applications.BeginEnd Was Enabled Is Enabled Install StateCreate RequestCreate Certificate Start ServiceCreate Web Include FilesInstall ClientInstall Server Upgrade TypeUpgrade Cert StoreUpgrade Key SecurityUpgrade ServerPAUpgrade ClientService StoppedService StartedCreated Client RegistryCreated Server RegistryUpgraded Server RegistryUnregistered DLLsRegistered DLLsCreated Program GroupsCreate certsvcInstall CancelledDispatch FunctionUnattended Attribute#loaded Client Unattended Attributes#loaded Server Unattended AttributesOperation FlagsPAAdding to ToDoList Post-Base UnattendedRegistry StateSelection State9Active Directory Certificate Services Installation Wizard9Active Directory Certificate Services Installation Wizard Import PFX"Failed to create the directory %1.You must uninstall Active Directory Certificate Services first and then reinstall Active Directory Certificate Services Web Enrollment Support.You must uninstall the current Active Directory Certificate Services Web Enrollment Support and then reinstall Active Directory Certificate Services.}The imported certificate does not match the chosen CA type and will not be used. However, the imported key can still be used.5%1 must specify a file name in an existing directory.MThe key length defined in the answer file is ignored because a key is re-usedBCannot create request file. A directory named "%1" already exists.PA*The PFX file name or password is too long.RUpgrade is only supported from Windows 2000 Active Directory Certificate Services.bActive Directory Certificate Services cannot be installed on this version of the operating system.3Validity period must be no longer than 4 characters)The distinguished name syntax is invalid.,The distinguished name syntax is invalid. %1^Property cannot be modified in current state of object. An Existing private key is being used.^Property cannot be modified in current state of object. An Existing certificate is being used.tProperty cannot be modified in current state of object. Current CA Type does not allow this property to be modified.mShared Folder property should not be set as Active Directory can be used to discover certification authority.>For new certification authority, database cannot be preserved.]Property cannot be modified in current state of object. Existing database is being preserved.YCannot perform the operation as object was initialized for only CA Web Enrollment support+Active Directory Certificate Services share%Active Directory Certificate ServicesMSCEP4Simple Certificate Enrollment Protocol (SCEP) Add-OnOCSP0Online Certificate Status Protocol (OCSP) Add-On<%' CODEPAGE=65001 'UTF-8%> <%' certdat.inc - (CERT)srv web - global (DAT)a ' Copyright (C) Microsoft Corporation, 1998 - 1999 %> <% ' default values for the certificate request sDefaultCompany="%0" sDefaultOrgUnit="%1" sDefaultLocality="%2" sDefaultState="%3" sDefaultCountry="%4" ' global state sServerType="%7" 'vs %8 sServerConfig="%5\%6" sServerDisplayName="%9" nPendingTimeoutDays=10 %> &<% Response.ContentType = "application/x-netscape-revocation" serialnumber = Request.QueryString set Admin = Server.CreateObject("CertificateAuthority.Admin") stat = Admin.IsValidCertificate("%1", serialnumber) if stat = 3 then Response.Write("0") else Response.Write("1") end if %> PA7Could not delete CA certificates from ROOT or CA store.Do the following to trace the Certificate Enrollment Web Service messages 1. Change the switchValue appropriately. 2. If the Tracing directory is not created, do the following: a. Create the tracing directory. b. Give read and write permissions for the tracing directory to the application pool credentials the Certificate Enrollment Web Service uses. c. If necessary, open the web.config in service configuration editor and modify trace settings appropriately.Do the following to trace the Certificate Enrollment Policy Web Service messages 1. Change the switchValue appropriately. 2. If the Tracing directory is not created, do the following: a. Create the tracing directory. b. Give read and write permissions for the tracing directory to the application pool credentials the Certificate Enrollment Policy Web Service uses. c. If necessary, open the web.config in service configuration editor and modify trace settings appropriately.jTo enable mex, uncomment the following and uncomment the serviceMetadata in corresponding serviceBehaviors%To enable mex uncomment the followingQBefore you install the Certificate Enrollment Web Service or Certificate Enrollment Policy Web Service, the Active Directory schema must be updated. A schema update cannot be reversed and is replicated throughout the forest. To update the schema, use at least the Windows Server 2008 R2 version of adprep.exe, and run Adprep /forestprep.VThe Certificate Enrollment Web Service cannot operate because it is configured with incompatible settings: It is in renewal-only mode, is installed on the same computer as the certification authority (CA), and is using the built-in ApplicationPoolIdentity. Remove the Certificate Enrollment Web Service and install it with different settings.PAUserAuthenticated SessionSmartcard Logon Basic EFS AdministratorEFS Recovery Agent Code SigningTrust List SigningComputerDomain Controller Web ServerKDCRoot Certification Authority#Subordinate Certification AuthorityEnrollment AgentSmartcard UserUser Signature OnlydThe value for the following key is incorrect in the INF file. It should be a non-zero numeric value.IPSecmThe value for RenewalValidityPeriodUnits is incorrect in CAPolicy.inf. It should be a non-zero numeric value.IPSec (Offline request)The value for RenewalValidityPeriod is incorrect in CAPolicy.inf. It should be one of the following: Years, Months, Weeks or Days (in English).Router (Offline request)reqOpen Request FileRequest Files (*.req; *.txt; *.cmc; *.der)|*.req;*.txt;*.cmc;*.der|Certificate Files(*.cer; *.crt; *.der)|*.cer;*.crt;*.der|All Files (*.*)|*.*||Please enter a computer name.7Please make sure there is a running CA on the computer.There is no matched CA on the computer. This might be caused by the computer being offline. Please contact the system administrator or select a different CA.@Cannot ping the selected CA. Please make sure the CA is running.+Exchange Enrollment Agent (Offline request) Exchange UserExchange Signature OnlyeThere are no published CAs available. Please contact the system administrator or select a CA by name.Enrollment Agent (Computer)Save Request FileCEP Encryption Built PolicyPolicy ElementPolicy Statement Extension!Policy inf missing section or keyOpened Policy infCannot open Policy infBeginEnd Manage CAIssue and Manage CertificatesManage Audit LogsBackup and RestoreReadRequest CertificatesPAClosed Policy inf Message BoxThe value for RenewalValidityPeriod is incorrect in unattended answer file. It should be one of the following: Years, Months, Weeks or Days (in English).Key Recovery Agent CA Exchange Cross Certification Authority Domain Controller AuthenticationDirectory Email Replication/ You have configured this Web client to forward requests to an enterprise CA. If the CA is using the enterprise default policy module, this computer must have delegation enabled and use Kerberos authentication. To enable delegation, see 'Allow computer accounts to be trusted for delegation' help topic.KThe Web client cannot be configured to forward requests to the selected CA.sThe value for the following key is incorrect in the INF file. It should be a boolean value (Yes/No/True/False/0/1).Workstation AuthenticationRAS and IAS Server Low AssuranceMedium AssuranceHigh AssuranceOCSP Response SigningKerberos AuthenticationPAKey recovery agentDirectory e-mail replication'Cross-certified certification authorityCertification authority (CA)ComputerUserUnknownActive Directory KRAActive Directory AIALogged on user Local systemusername/password certificatewindows integrated anonymousunknowncredential is privatePACA Name OrganizationOrganizational UnitLocalityState or ProvinceEMailCountry/region Description Shared FolderDatabase directoryDatabase log directory Computer name Request fileValidity periodCA TypeKey NameThe server DNS name contains characters that cannot be encoded into Certificate Extensions. Please change the computer name or the server DNS name to eliminate special characters.The path "%1" cannot be used for database files. The path might have special characters or be read-only. Please change the path.Setup needs to create a key container name "%1" that is derived from the CA name. The maximum length allowed by the CSP "%2" is %3 characters. The name exceeds the maximum length. Please shorten the CA name.Query Change Selection StatebSetup needs to create the file "%1". The file path exceeds the maximum length. Use a shorter path.Unknown CA TypeBad or missing CA NamexThe value for ValidityPeriod is incorrect. It should be one of the following: Years, Months, Weeks or Days (in English).CA Machine name requiredPACA name requiredFailed in pinging parent CAEmpty unattended attributeFailed in building CA file path&Enterprise CA requires DS availability?Country/region code must be either empty or two characters long!Matching CA certificate not found$Reuse certificate requires reuse key&Preserve DB requires reuse certificate_The value for ValidityPeriodUnits is out of range. It should be a small non-zero numeric value.Request file name too long'CA Name too long for key container namePath too long; shorten CA Name1Country/region code must be in 'A'-'Z' or 'a'-'z'Cannot find a key from the list0Disable the wizard page because of a fatal errorWizard Page ErrorUpgrade unsupportedUpgrade from Windows2000Upgrade from build to build12VerdanaSanitized CA NameKey Container Name^Setup could not add the Certification Authority s computer account to the Cert Publishers security group. This Certification Authority will not be able to publish certificates in Active Directory. To fix this, an administrator must manually add the Certification Authority s computer account to the Cert Publishers security group in Active Directory.Setup could not add the Certification Authority s computer account to the Pre-Windows 2000 Compatible Access security group. Certificate Managers Restrictions feature will not work correctly on this Certification Authority. To fix this, an administrator must manually add the Certification Authority s computer account to the Pre-Windows 2000 Compatible Access security group in Active Directory.zActive Server Pages (ASPs) must be enabled in Internet Information Services (IIS) in order to allow Active Directory Certificate Services to provide web enrollment services. Enabling ASPs is a potential security risk and must be carefully evaluated. You can enable ASPs later if you choose not to do it now. IIS must be manually reconfigured later to enable this functionality.Internet Information Services (IIS) is not installed on this computer. Active Directory Certificate Services Web Enrollment Support will be unavailable until IIS is installed.Active Directory Certificate Services Setup has detected a domain controller running Windows 2000 without Service Pack 3 or later. An enterprise certification authority (CA) cannot be installed when a domain controller is running this version of the operating system. The options to install an enterprise CA are unavailable. You can install a stand-alone CA now, or you can resolve the problem and install an enterprise CA. To resolve the problem, ensure that all Windows 2000 domain controllers are running Service Pack 3 or later, or configure your domain controllers to allow SSL connections from the CA. For information on how to configure your domain controllers, search Help and Support Center.(Enterprise CA option availability statushcp://services/subsite?node=Security/Public_Key_Infrastructure/Certificate_Services&topic=MS-ITS:csconcepts.chm::/sag_CS_procs_setup.htmPASetup created a shared folder for configuration information, but this shared folder could not be verified because there is no available network connection.Share dispositionVirtual root dispositionhttp://%ws/certsrv/mscep_admin/"http://%ws/certsrv/mscep/mscep.dllJYou have to be the local machine administrator in order to run this setup.dCan not delete RA certificates. Please close all programs or increase the available virtual memory.Failed to update the registry.(Failed to add the web virtual directory.7Setup can not obtain security identity for the account.Failed to add the following certificate templates to the enterprise Active Directory Certificate Services or update security settings on those templates: EnrollmentAgentOffline CEPEncryption IPSEC (Offline request) TNo more memory. Please close all programs or increase the available virtual memory.!Failed to enroll RA certificates.;Failed to update the Active Directory Certificate Services.wThe account name is incorrectly formatted. Examples of correct account names include do main\account or account@domain.?Setup is unable to obtain security information for the account.ESetup can not find the domain or machine that the account belongs to.7Setup is unable to check the membership of the account.$Setup is unable to find the account.CThe account is not a member of the local machine's IIS_IUSRS group..Fail to retrieve the DNS name of the computer.FThe account should be a domain account. Local account is not allowed.\Setup can not find the IPSEC (Offline request) certificate template in the Active Directory.ySetup can not find the security information for the IPSEC (Offline request) certificate template in the Active Directory.Setup can not detect if the account can read information about the IPSEC (Offline request) certificate template in the Active Directory.The account can not read information about the IPSEC (Offline request) certificate template in the Active Directory. Please make sure this is a domain account.zThe certification authority has been uninstalled from this computer. However, Windows was not able to remove objects related to this CA from the NTAuthCertificates, Certification Authorities, and Enrollment Services containers in Active Directory. Use the Enterprise PKI snap-in to manually remove CA objects from these containers. For more information, see Enterprise PKI Help.Application Pool Identity account cannot send authenticated certificate request to a local Enterprise CA. Specify a user account.7A certification authority (CA) is installed on this computer. Do not specify a CA for the Network Device Enrollment Service (NDES) configuration when a CA is installed on the same computer. When NDES and a CA are installed on the same computer, NDES must send authenticated certificate requests to the local CA.The Network Device Enrollment Service cannot be configured with a remote standalone certification authority (CA). Select an enterprise CA or install this service on a computer that hosts a standalone CA.The Network Device Enrollment Service failed because the setup could not obtain the type of CA from "%1". Make sure that the Active Directory Certificate Services service is running. The error is: The Network Device Enrollment Service setup failed because certification authority (CA) "%1" could not be contacted. Make sure that the CA is properly configured and available. The error is: PA`The setup object has already been initialized. This object cannot be initialized more than once.xThe setup object has not been initialized. Please initialize the setup object with the InitializeInstallDefaults method.AYou must be a member of the Enterprise Admins group to run Setup.The Certificate Enrollment Web Service or Certificate Enrollment Policy Web Service cannot be installed on a computer that is not a member of a domain.NYou cannot set this property because the application pool "%1" already exists.The Certificate Enrollment Web Service cannot be used with a standalone certification authority (CA). It can only be used with an enterprise CA.The Certificate Enrollment Web Service cannot be used with this certification authority (CA). It can only be used with an enterprise CA installed on Windows Server 2003 or later.The Certificate Enrollment Web Service is not configured with a certification authority (CA) name. Confirm that an enterprise CA is available and configure the Certificate Enrollment Web Service with the CA name.TThe object has been initialized. You cannot call UnInstall on an initialized object.Setup was unable to add Certificate Enrollment Web Service information to the Certification Authority object in Active Directory Domain Services (AD DS). To complete Setup, add the information manually using the command: %1.The Certificate Enrollment Web Service Setup failed because the CA "%1" cannot be contacted. Check the name, and confirm that the CA is properly configured and available.Setup could not add this role service because it already exists in the default Web site. Please remove the existing role service or select a different certification authority (CA) or authentication type.Setup cannot give the Certificate Enrollment Policy Web Service account List permission on the "Deleted Objects" container. The web service will not be able to detect deletion of Active Directory objects such as certificate templates. To complete Setup, a member of the Domain Admins group must manually give the Certificate Enrollment Policy Web Service account List permission on the "Deleted Objects" container in Active Directory Domain Services (AD DS).Setup was unable to delete Certificate Enrollment Web Service information from the Certification Authority object in Active Directory Domain Services (AD DS). To complete Setup, delete the information manually using the command: %1.You can set the ENUM_CESSETUPPROP_USE_IISAPPPOOLIDENTITY property to FALSE only by calling the SetApplicationPoolCredentials method with a valid user name and password.Setup was unable to install or update the default certificate templates. Ensure you have write permissions on the "Certificate Templates" container in the forest root domain, then manually install the default certificate templates using the command: certutil -installdefaulttemplates.The Certificate Enrollment Policy Web Service could not be installed because Windows authentication is not compatible with key based renewal. To resolve this issue, remove the Certificate Enrollment Policy Web Service. Reconfigure the Setup options to disable key based renewal, or select either user name and password authentication or client certificate authentication, and then run Setup again.The Certificate Enrollment Web Service could not be installed because an incompatible configuration was selected. To resolve this issue, remove the Certificate Enrollment Web Service. If you want to use key based renewal, enable both client certificate authentication and renewal-only mode. If you want to use user name and password authentication or Windows authentication, disable key based renewal, and then run Setup again.Select Certification Authority5Select a Certification Authority to send the request.PA4VS_VERSION_INFO@%@%?6StringFileInfo040904B0LCompanyNameMicrosoft Corporation1FileDescriptionMicrosoft Active Directory Certificate Servicesr)FileVersion6.3.9600.16384 (winblue_rtm.130821-1623)8 InternalNameCertOCM.dll.LegalCopyright Microsoft Corporation. All rights reserved.HOriginalFilenameCertOCM.dll.muij%ProductNameMicrosoft Windows Operating SystemBProductVersion6.3.9600.16384DVarFileInfo$Translation  PAD PADDINGXXPADDINGPADDINGXXPADDINGPADDINGX