Certificate request fails with error message "The request is not supported. 0x80070032 (WIN32: 50 ERROR_NOT_SUPPORTED)".

Assume the following scenario:

• A certificate is requested from an Active Directory integrated certification authority (Enterprise Certification Authority).
• The request fails with the following error message:

An error occurred while enrolling for a certificate.
The certificate request could not be submitted to the certification authority.
Url: CA02.intra.adcslabor.de\ADCS Lab Issuing CA 1
Error: The request is not supported. 0x80070032 (WIN32: 50 ERROR_NOT_SUPPORTED)

The error can also occur in the same form during the installation of a Network Device Registration Service (NDES) occur:

Failed to enroll RA certificates. The request is not supported. 0x80070032 (WIN32: 50 ERROR_NOT_SUPPORTED)

The certification authority will not log any error.

Possible causes

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

This error pattern occurs when the security option "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" is set to "Deny All" on the certificate authority.

The option must be configured to "Not defined", "Allow all" or "Audit all".

Related links:

• Certificate request fails with error message "The request is missing required signature policy information. 0x80094809 (-2146875383 CERTSRV_E_SIGNATURE_POLICY_REQUIRED)".
• Certificate request fails with error message "The requested certificate template is not supported by this CA. 0x80094800 (-2146875392 CERTSRV_E_UNSUPPORTED_CERT_TYPE)."
• Requesting certificates via Enroll on Behalf of (EOBO) fails with the error message "The operation is denied. It can only be performed by a certificate manager that is allowed to manage certificates for the current requester."
• Requesting certificates via Enroll on Behalf of (EOBO) fails with the error message "A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)"
• Certificate request fails with error message "A certificate issued by the certification authority cannot be installed. Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)"
• Requesting a Trusted Platform Module (TPM) protected certificate fails with error message "The requested operation is not supported. 0x80090029 (-2146893783 NTE_NOT_SUPPORTED)"
• Certificate request fails with error message "Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT)".
• Certificate request fails with error message "The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)".
• Certificate request fails with error message "Bad Data. 0x80090005 (-2146893819 NTE_BAD_DATA)."
• Certificate request fails with error message "0x800b0101 (-2146762495 CERT_E_EXPIRED)".
• Certificate request fails with error message "The certificate request could not be submitted to the certification authority. Error: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)".
• Certificate request fails with error message "Cannot archive private key. The certification authority could not verify one or more key recovery certificates. 0x8009400b (-2146877429 CERTSRV_E_NO_VALID_KRA)".
• Requesting a certificate fails with the error message "You cannot request a certificate at this time because no certificate types are available."
• Requesting a certificate fails with the error message "The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation. 0x80090345 (-2146892987 SEC_E_DELEGATION_REQUIRED).". When importing PFX files, the private key is missing.