Skip to main content

Domain Policies that Restrict Access

If you log in to the Eggplant Performance controller as a domain user, the Proxy Recorder might experience problems when attempting to write the certificate to the trusted root certificate store.

With assistance from your Domain Administrator check the following domain policy settings. These settings need to be viewed on the Domain Controller (rather than the Windows client).

Ensure that the Windows client where the Eggplant Performance controller is installed is able to trust and enroll certificates. This setting is configurable on the Certificate Services Client - Certificate Enrollment Policy pane.

Certificate Services Enrollment Policy

Domain users must be allowed to configure their own set of trusted root certificates. Use the Stores tab to accomplish this configuration change.

Make sure the Allow user trusted root CAs to be used to validate certificates & Allow users to trust peer trust certificates checkboxes are selected. Selecting these checkboxes lets domain users decide which root CA/peer certificates to trust.

The Third-Party Root CAs and Enterprise Root CAs radio button in the Root certificate stores section of the dialog needs to be selected also.

On the Trusted Publishers tab, make sure the Allow administrators and users to manage user's own Trusted Publishers radio button is selected.

Certificate Path Validation Settings Properties window

The Configuration Model drop down list on the Certificate Services Client - Auto-Enrollment Properties must have Enabled selected

Auto-enrollment properties dialog window

Having validated the above Domain Controller settings you must rename/delete the existing client certificate store (RSA) on the Eggplant Performance controller PC in this folder: %APPDATA%\Microsoft\Crypto\RSA\

Now you are ready to click the Install/Uninstall proxy certificate button on the Eggplant Performance Proxy Recorder. After selecting this option, you should see the new client certificate store appear on the file system.

Local client certificate store

If you click the Install/Uninstall proxy certificate button and the certificate does not install automatically, you can export the proxy certificate to the local filesystem and install it manually.