This is not a question. I am documenting a solution that I could not find anywhere else. Hopefully, this will help others with this issue sometime.
A user in our Admin group who could create IDs using the Certificate Authority could not make valid IDs after her name change.
When the new users were configured, they would get a message stating that the ID did not have certificates (I did not capture the exact error message).
In the Admin Requests database in the Certification Authority Requests > Certification Requests, under the OU for the new ID, under Rejected by Certification Authority, I could find that the requests to process the new IDs were rejected. This error appeared as the Rejection Reason - "1861: Profile not authorized [DefaultEEProfile]"
You can find a documented explanation for this Rejection Reason in technote 1313867. However, this explanation does not apply to this situation. <http://www-304.ibm.com/support/docview.wss?uid=swg21313867>
This is what I did to repair this issue:
- In the Domino Directory, edited each Certifier document with that Admin user's name,
- Removed her name (which had already been updated properly) from the Registration Authorities list using the controls on that form.
NOTE: Adding or removing a name from this list does not delete the name. It issues a change request to Adminp (or the CA Process?) to delete the name. Adminp responds within seconds (in my experience) and updates the list.
- Closed the document (without saving the change).
NOTE: If you save the document at this point, you could create a replication conflict with the Adminp/CA action.
- Re-edited the Certifier document.
- Added her to the Registration Authorities list.
NOTE: Adminp/CA Process will update the Registration Authorities list.
Renaming Admin user Disabled Her ab... (Gregg Bendtsen 15.Jun.12)
Feedback number WEBB8VAQ7P created by Gregg Bendtsen on 06/15/2012
. . Thanks! (Mark Taylor 15.Jun.12)