Link to home
Start Free TrialLog in
Avatar of ts_nemits
ts_nemits

asked on

Windows 2008 R2 Certificate Authority Enroll error

I have setup an certificate authority on a Windows 2008 R2 server.
When I try to manually enroll a computer certificate for a workstation (Windows 7), I get and error saying "The RPC server is unavailable". In event viewer i get 3 entries (2 informational and 1 error):
Certificate enrollment for Local system is successfully authenticated by policy server {6081C72C-1312-4AE5-95AD-F46C744D23C6}
Certificate enrollment for Local system successfully load policy from policy server {6081C72C-1312-4AE5-95AD-F46C744D23C6}
Certificate enrollment for Local system failed to enroll for a Machine certificate with request ID N/A from nemapps.nemits.dk\NEMITS-CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
But then I try to enroll, from the same workstation, a user certificate. This works just fine.

This suggests that this is not a problem connecting to the RPC on the CA, but a permissions problem. I have no idea where this i set though.
Avatar of Paranormastic
Paranormastic
Flag of United States of America image

Can you enroll other workstations okay?  If so, try rejoining this box to the domain.

Permissions for the template are set in the Certificate Templates mmc (certtmpl.msc - you should be able to open this from your workstation).  The requester (e.g. the workstation / DOMAIN\Domain Computers) should have at least Read and Enroll permissions, and Autoenroll if desired.
ASKER CERTIFIED SOLUTION
Avatar of v_2abhis2
v_2abhis2

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of ts_nemits
ts_nemits

ASKER

Found the problem. While the guide didn't really give the exact answer, i found that there were no users in the "Distributed COM Users" group on the CA server. Don't know why users could request certificates, and not computers. But after adding Authenticated users, all was fine.