Request-CsCertificate – Command execution failed: Denied by Policy Module


Using the Skype for Business Server Deployment Wizard, when requesting a new certificate based on a custom template, the task fails with “Command execution failed: Denied by Policy Module”.


I am specifying a custom template called SfB_Template, this template was created to provide 5 year validity certificates to Skype for Business Servers.



Using the Certification Authority MMC, under Failed Requests, there is an entry that corresponds with the “Denied by Policy Module” error:

Request ID: 148

Request Status Code: The permissions on the certificate template do not allow the current user to enroll for this type of certificate.  0x80094012 (-2146877422 CERTSRV_E_TEMPLATE_DENIED).

Request Disposition Message: Denied by Policy Module


Back to the Certificate Authority MMC, edit the permissions on the Certificate Template (SfB_Template) to give the account requesting the certificate the permissions required to do so.

Here I have given the CsAdministrator full permissions to perform this task:


The certificate can now be successfully requested and issued.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s