PLEASE HELP: Autoenrollment Failure (0x80070005) for Additional Domain Controller W2K3

Hi,

I'm in the process of performing my final test deployment of a Windows
Server 2003 Active Directory network.

I have an Enterprise Root CA, which resides on the first domain controller
SERVER01 (this is also a Global Catalog server) and this Domain Controller
has successfully obtained a 'Domain Controller' certificate. But the second
domain controller SERVER02 has not been able to obtain a 'Domain Controller'
certificate. When this second domain controller starts up, it logs the
following entry in the 'Application' event log:

Source: Autoenrollment
Event ID: 13

Autoenrollment certificate for the local system failed to enroll for one
Domain Controller certificate (0x80070005). Access is denied

I have checked the TCP/IP configiration of the two domain controllers, both
servers are on the same IP network; a 10.1.0.0/24 network;

SERVER01 - has the IP address - 10.1.0.1/24
SERVER02 - has the IP address - 10.1.0.2/24

I have seen that both of the domain controllers are located in the
'DOMAIN\Domain Controllers' security group and this group has the default
permissions to the 'Domain Controller Authentication' certificare template
(Enroll and Autoenroll set to Allow).

The rest of the configuration is the default configuration. The domain
controllers and all servers are running Windows Server 2003 SP1. I have
other servers, which all pickup their certificates without any issues, but
no matter how many times I reboot this second domain controller it fails to
get a certificate.

I have performed a load of searches on the Knowledgebase and TechNet, but I
can't find any article.

Many thanks in advance for any solutions/advice will be most apprecaited.

I've just found this support article...

http://support.microsoft.com/default...b;en-us;903220

Its been fixed in SP1...



"Neil Hobbs" <neil.hobbs@tigertelematics.com> wrote in message
news:ejVSS2r7FHA.3876@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> I'm in the process of performing my final test deployment of a Windows
> Server 2003 Active Directory network.
>
> I have an Enterprise Root CA, which resides on the first domain controller
> SERVER01 (this is also a Global Catalog server) and this Domain Controller
> has successfully obtained a 'Domain Controller' certificate. But the
> second
> domain controller SERVER02 has not been able to obtain a 'Domain
> Controller'
> certificate. When this second domain controller starts up, it logs the
> following entry in the 'Application' event log:
>
> Source: Autoenrollment
> Event ID: 13
>
> Autoenrollment certificate for the local system failed to enroll for one
> Domain Controller certificate (0x80070005). Access is denied
>
> I have checked the TCP/IP configiration of the two domain controllers,
> both
> servers are on the same IP network; a 10.1.0.0/24 network;
>
> SERVER01 - has the IP address - 10.1.0.1/24
> SERVER02 - has the IP address - 10.1.0.2/24
>
> I have seen that both of the domain controllers are located in the
> 'DOMAIN\Domain Controllers' security group and this group has the default
> permissions to the 'Domain Controller Authentication' certificare template
> (Enroll and Autoenroll set to Allow).
>
> The rest of the configuration is the default configuration. The domain
> controllers and all servers are running Windows Server 2003 SP1. I have
> other servers, which all pickup their certificates without any issues, but
> no matter how many times I reboot this second domain controller it fails
> to
> get a certificate.
>
> I have performed a load of searches on the Knowledgebase and TechNet, but
> I
> can't find any article.
>
> Many thanks in advance for any solutions/advice will be most apprecaited.
>
>
>