Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3469
  • Last Modified:

CertSvc Errors

Can you help please ?

I'm getting the following event error on my Win2003srv SP1 AD\DC.

Event Type:     Error
Event Source:     AutoEnrollment
Event Category:     None
Event ID:     13
Description:
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80094800).  The requested certificate template is not supported by this CA.

---------------


And EventID 73 warnings are logged on my Exchange 2003 server, running on Win2003.  Here are a few of them:-


Event Type:     Warning
Event Source:     CertSvc
Event Category:     None
Event ID:     53
Description:
Certificate Services denied request 706 because The requested certificate template is not supported by this CA. 0x80094800 (-2146875392).  The request was for company\DC1$.  Additional information: Denied by Policy Module  0x80094800, The request was for a certificate template that is not supported by the Certificate Services policy: DomainController.


Event Type:     Warning
Event Source:     CertSvc
Event Category:     None
Event ID:     77
Description:
The "Windows default" Policy Module logged the following warning: The Administrator Certificate Template could not be loaded.  Element not found. 0x80070490 (WIN32: 1168).


Event Type:     Warning
Event Source:     CertSvc
Event Category:     None
Event ID:     77
Description:
The "Windows default" Policy Module logged the following warning: The SubCA(v5.0): V1 Certificate Template could not be loaded.  Element not found. 0x80070490 (WIN32: 1168).

-------------


1) Do I need to be concerned about the messages ?  Everything appears to be running normally though.

2) How do I resolve the issues and stop the events being logged ?


Hopefully you can point me in the right direction......

Thanks again
0
stevendunne
Asked:
stevendunne
  • 2
  • 2
1 Solution
 
Jay_Jay70Commented:
Hi stevendunne,

there is a troubleshooting page at the bottom of this link for autoenrollment
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
0
 
stevendunneAuthor Commented:
I've found out a bit more about this.

The CA is installed on our Exchange 2003 box, to serve the SSL certificate for OWA.  Our Win2003 Srv DC doesn't have CA installed at all, but it's producing these errors every 8 hours:-

Event Type:     Error
Event Source:     AutoEnrollment
Event Category:     None
Event ID:     13
Description:
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80094800).  The requested certificate template is not supported by this CA.


The server must be trying to make a request that fails ?  I've done some more research and found this info under "Certificate Services: Effects of security enhancements to the DCOM protocol" in the following article:-

http://support.microsoft.com/default.aspx/kb/889101

So I've added my domain controllers group to the CERTSVC_DCOM_ACCESS group which has been created on my Exchange server, as the CA is running there.

Does this info ring any bells with you ?

Thanks
0
 
stevendunneAuthor Commented:
Quote:

"So I've added my domain controllers group to the CERTSVC_DCOM_ACCESS group which has been created on my Exchange server, as the CA is running there"

That has done the trick, and the errors are no longer present.

Please close this question.
0
 
Jay_Jay70Commented:
well done mate, you will need to post in community support and ask for it to be closed
0
 
CetusMODCommented:
PAQed with points refunded (450)

CetusMOD
Community Support Moderator
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now