Go Back   TechArena Community > Technical Support > Computer Help > Windows Security
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links

Automatic certificate enrollment for local system failed

Windows Security

Thread Tools Search this Thread
Old 03-08-2006
Join Date: Oct 2005
Posts: 22
Automatic certificate enrollment for local system failed

Hi, in our Office we had setup 2 domain controllers running with Windows 2003 SP1. We did this a year ago. Out of these two, on first domain have installed certificate service and configured Certificate auto enrollment using Group Policy. So far it was working great without any issues or problem.

But now, after a year, we started getting error on second domain and this occurs every 8 hours. This is what I can see in the event viewer:
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
Do you guys have any idea what could be the problem? Please help me fixing this out. Many thanks.

Reply With Quote
Old 04-08-2006
Join Date: Sep 2004
Posts: 73
Windows 2K3 Server with SP1 has introduces few enhanced default security settings for the DCOM protocol that provides an administrator independent control over local and remote permissions for starting COM servers, activating COM server settings, and accessing COM servers. You can get more info and solutions about this at http://support.microsoft.com/kb/903220/en-us
Reply With Quote
Old 17-06-2008
Join Date: Feb 2009
Posts: 1
Naturally, if I try to add the CERTSVC_DCOM_ACCESS group using the method suggested in the Microsoft KB article (http://support.microsoft.com/kb/903220/en-us):
certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG
net stop certsvc
net start certsvc
I get the following error on each DC because I have no certificate services on those or on any other member server:
C:\>certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
CertUtil: -setreg command FAILED: 0x80070002 (WIN32: 2)
CertUtil: The system cannot find the file specified.
Every post I have read so far seems to assume that those with this problem *have* certificate services installed somewhere and that isn't necessarily true. When Win2003 SP1 is installed, is it supposed to automatically add the CERTSVC_DCOM_ACCESS groupto DCs regardless of whether there are any Cert Servers, or is it a pre-requisite of the service pack that I first have installed a Cert Server?
Reply With Quote
Old 07-05-2010
Join Date: May 2010
Posts: 1
Re: Automatic certificate enrollment for local system failed

I am receiving a similar error, and also have not installed Certificate Services... is this required.. I would guess if i do not have it (CA) installed I would just communicate with my DC (between DC), non-encrypted.
Reply With Quote

  TechArena Community > Technical Support > Computer Help > Windows Security
Tags: , , , , ,

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads for: "Automatic certificate enrollment for local system failed"
Thread Thread Starter Forum Replies Last Post
Certificate authentication failed error how to fix that Rounder1 Networking & Security 3 08-01-2012 11:05 AM
Windows 2003 Server CA Problem and Automatic certificate enrollment pac0124 Windows Server Help 5 16-08-2011 12:50 PM
How to request multiple domain certificate from local in house CA Saphire Windows Security 1 11-11-2008 02:35 PM
IAS and RAS server certificate enrollment AngerEyes Windows Security 3 27-05-2008 11:56 PM
Automatic certificate enrollment for local system failed after upgrading member server to domain controller Arch Willingham Windows Server Help 4 29-08-2005 02:47 AM

All times are GMT +5.5. The time now is 09:13 AM.