Tags: certificate, certificate enrollment, domain controller, local system, sp1, windows 2003 server
#1
Automatic certificate enrollment for local system failed

We have 2 Win2003 Domain Controllers with SP1 installed - dc01 and dc02. On dc01, I have installed the certificate service and configured Certificate autoenrollment through Group Policy. Everything has been working fine for almost one year. However, recently, dc02 gets an error in the event viewer every 8 hours:

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Description: Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied. Access is denied.

Any idea would be appreciated.

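For triaging this event across several servers, the sketch below (an added example, not part of the original thread) parses exported event text in the layout quoted in post #1 and decodes the HRESULT, showing that 0x80070005 is the Win32 access-denied error wrapped in an HRESULT. The function names and the second and third sample records are constructed for illustration.

```python
import re

# Standard HRESULT facility and Win32 error values (winerror.h).
FACILITIES = {7: "FACILITY_WIN32", 11: "FACILITY_CERT"}
WIN32_CODES = {5: "ERROR_ACCESS_DENIED", 1722: "RPC_S_SERVER_UNAVAILABLE"}

def decode_hresult(value):
    """Split a 32-bit HRESULT into failure bit, facility and code."""
    facility = (value >> 16) & 0x7FF   # bits 16-26
    code = value & 0xFFFF              # bits 0-15
    name = WIN32_CODES.get(code, "unknown") if facility == 7 else "unknown"
    return {"failed": bool(value >> 31), "code": code, "name": name,
            "facility": FACILITIES.get(facility, str(facility))}

def triage(event_text):
    """Return a finding for an AutoEnrollment Event ID 13 record, else None."""
    source = re.search(r"Event Source:\s*(\S+)", event_text)
    event_id = re.search(r"Event ID:\s*(\d+)", event_text)
    hresult = re.search(r"\((0x[0-9A-Fa-f]{8})\)", event_text)
    if not (source and event_id and hresult):
        return None
    if (source.group(1), event_id.group(1)) != ("AutoEnrollment", "13"):
        return None
    template = re.search(r"failed to enroll for one (.+?) certificate", event_text)
    decoded = decode_hresult(int(hresult.group(1), 16))
    return {"template": template.group(1) if template else None,
            "hresult": hresult.group(1).lower(),
            "access_denied": decoded["name"] == "ERROR_ACCESS_DENIED",
            **decoded}

# Constructed samples: first reuses the text in post #1, the others are made up.
SAMPLE_EVENTS = [
    "Event Type: Error Event Source: AutoEnrollment Event Category: None Event ID: 13 "
    "Description: Automatic certificate enrollment for local system failed to enroll for "
    "one Domain Controller certificate (0x80070005). Access is denied.",
    "Event Type: Error Event Source: AutoEnrollment Event Category: None Event ID: 13 "
    "Description: Automatic certificate enrollment for local system failed to enroll for "
    "one Domain Controller certificate (0x800706ba). The RPC server is unavailable.",
    "Event Type: Warning Event Source: ExampleSource Event ID: 1 Description: unrelated",
]

def access_denied_findings(events):
    """Keep only the enrollment failures whose HRESULT is access denied."""
    findings = [triage(e) for e in events]
    return [f for f in findings if f and f["access_denied"]]

if __name__ == "__main__":
    for f in access_denied_findings(SAMPLE_EVENTS):
        print(f["template"], f["hresult"], f["facility"], f["name"])
```
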
#2
Check here: Description of the changes to DCOM security settings after you install Windows Server 2003 Service Pack 1
http://support.microsoft.com/kb/903220/en-us

Yes, if you did not do it for SP1, then the same issue will exist in SP2.

#3
Does this info work if you have SP2 instead of SP1? I'm getting that same error too, but with SP2 on it.

I have this same error, am missing the CERTSVC_DCOM_ACCESS group and have a similar configuration but with one difference: I have three DCs running Win2003 SP2. I do not have Certificate Services installed on any DC or any member server.

Naturally, if I try to add the CERTSVC_DCOM_ACCESS group using the method suggested in the Microsoft KB article (http://support.microsoft.com/kb/903220/en-us):

certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG

I get the following error on each DC because I have no certificate services on those or on any other member server:

C:\>certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG

Every post I have read so far seems to assume that those with this problem *have* certificate services installed somewhere and that isn't necessarily true. When Win2003 SP1 is installed, is it supposed to automatically add the CERTSVC_DCOM_ACCESS group to DCs regardless of whether there are any Cert Servers, or is it a pre-requisite of the service pack that I first have installed a Cert Server? If my solution to adding the CERTSVC_DCOM_ACCESS group is to first install a Cert Server and then re-apply SP1 or SP2, I'll do so but I don't necessarily want to install a Cert Server in my domain if I don't otherwise have to.

#4
Re: Automatic certificate enrollment for local system failed

I am receiving a similar error, and also have not installed Certificate Services... is this required? I would guess if I do not have it (CA) installed I would just communicate with my DC (between DC), non-encrypted.