'Certificate types are not available' When creating computer certificate?
Environment
Windows Server 2008 sp1 Xeon CPU E5430 @ 2.66 GHz 16.0 GB Ram 64-bit Operating System 1TB Disk Space
Server Role: SQL Server Other Information: Joint to domain, Logged in user domain administrator
Issue
Steps that cause issue:
Create a computer certificate using mmc snap-in 'certificates' by right clicking on 'Certificates' folder Under 'root\Personal' tree, and clicking All Tasks -> Request New Certificate. Certificate Enrollment window appears, you verify you are connected to your network and you are logged onto the domain. Then Click Next, which leads to a window stating the issue:
"Certificate types are not available"
"You cannot request a certificate this time because no certificate types are available. If you need a certificate contact your administrator."
Wanted Solution
Create a certificate on this server, to implement SSL connection to MSSQL servers.
You are following the right steps (http://support.microsoft.com/kb/316898/en-us), but the error likely means that you either have no enterprise certificate authority (CA) in the domain, or the CA is not accepting new certificate requests for some reason. It may also be that your installed CA is not allowing generation of "Computer" certificate types. This can be checked in the CA configuration.
The solution depends on whether you already have an enterprise CA set up and configured. If not then you need to create one (there is guidance on the Microsoft technet site, but it's not trivial) or else use another way of generating self-signed SSL certificates such as one of the free downloadable tools.
in my setup i have 4 DCs and needed the certificate for LDAPS. i successfully created a certificate on the DCs that has the CA installed, but on the others i, like you, got the "Certificate types are not available" error.
the problem was that these DCs didn't trust the CA. i added the certificate to the trusted root CAs in the default domain policy, gpupdate on the DCs and it worked
I had the same problem manually requesting computer certificates although they worked automatically and there was no problem requesting user certificates.
I resolved the problem by changing IIS directory security settings to allow anonymous access for the PKI virtual directory only!