Solved

Automatic certificate enrollment

Posted on 2007-10-03
Last Modified: 2008-09-30
Automatic certificate enrollment for xyz\administrator failed to enroll for one Auto enroll Smartcard User certificate (0x80070005).  Access is denied
Question by:Muhammad_Amjad
13 Comments
 
LVL 4

Expert Comment

by:DeanC30
ID: 20004731
A little more information is required, please:

What OS and Service Pack is the CA server?
What OS and Service Pack for the client?
Does the template allow for autoenroll?
Is there an Event ID?
0
 

Author Comment

by:Muhammad_Amjad
ID: 20004804
First of all, we are not using a CA. The OS of the domain controller is Windows 2003 EE and it's running with SP2.
The OS of the client machines was Windows XP with SP2; the event ID of the error is Event ID 13.
0
 
LVL 4

Expert Comment

by:DeanC30
ID: 20004838
Sorry Muhammad, I am confused, if you are not using CA then where are you getting your certificates from?
0
 

Author Comment

by:Muhammad_Amjad
ID: 20004861
Actually, we are not using any CA.
0
 
LVL 4

Expert Comment

by:DeanC30
ID: 20004903
Now I am really confused!!

Your clients are using smart cards to log on, but you have no Certificate Authority to issue the corresponding certificates, either internally or externally.

The error relates to a failure to autoenroll for a certificate which does not exist on a CA which does not exist.
Sorry but I must be missing something here.  
0
 

Author Comment

by:Muhammad_Amjad
ID: 20005014
That's the main thing: none of our clients are using smart cards, but I am still getting those errors.
0
 
LVL 4

Expert Comment

by:DeanC30
ID: 20005240
OK, now I get it.  Thank you.
Where are these errors generated?  Is it server or client?  Identify the machine generating the errors.  It would seem that something is configured to autoenroll for this certificate.  Also take a look at GPOs you have configured.
0
 

Author Comment

by:Muhammad_Amjad
ID: 20011756
It's generating on the DC.
0
 

Author Comment

by:Muhammad_Amjad
ID: 20032689
Any update?
0
 
LVL 4

Accepted Solution

by:
DeanC30 earned 2000 total points
ID: 20033654
Muhammad, in order for the administrator to be looking to autoenroll for a Smart Card certificate this must have been configured somewhere in your environment.  Did you take a look at GPOs?
Is it possible someone could have installed CA onto a machine in your network, or maybe a test machine, which has somehow 'leaked' into live?
I have never come across an error for something which has not been configured.

Sorry

0
 

Author Comment

by:Muhammad_Amjad
ID: 20039097
What if I disable the auto-enrollment on my domain controller to get rid of those errors?
0
 
LVL 4

Expert Comment

by:DeanC30
ID: 20039346
What is your DC set up to autoenroll?
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22039329
Just to verify that there are not any rogue CAs in your network, you may want to check this out:
Administrative Tools -> Active Directory Sites and Services
In the MMC, highlight "Active Directory Sites and Services [server.fqdn]"
View -> Show Services Node
Expand Services
Look for Public Key Services - if this is there, expand that and highlight Certification Authorities
If there are any servers listed in the details pane then this should hopefully point you to what CA is installed - at least a machine name and the CA name to start from.
0
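
The check described in the last comment, together with the GPO question raised earlier in the thread, as a read-only PowerShell query (an added example, not part of the original thread). It assumes a domain-joined machine; the helper names `Get-PkiObject` and `Get-AutoEnrollPolicy` are made up here, and `SmartcardUser` is assumed to be the short name of the built-in Smartcard User template.

```powershell
# Added example, read-only: lists CA objects published in Active Directory and
# the autoenrollment policy in effect on this machine. Run on a domain member.
$configNC = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

function Get-PkiObject {            # hypothetical helper name
    param([string]$Container, [string]$Filter)
    $path = "LDAP://CN=$Container,$pkiBase"
    # A missing container means no AD-integrated CA was ever installed in the forest.
    if (-not [ADSI]::Exists($path)) { return }
    $root     = [ADSI]$path
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter)
    $searcher.SearchScope = 'OneLevel'
    foreach ($r in $searcher.FindAll()) {
        New-Object PSObject -Property @{
            Container = $Container
            CAName    = [string]$r.Properties['cn']
            CAHost    = [string]$r.Properties['dnshostname']
            Templates = @($r.Properties['certificatetemplates'])
        }
    }
}

function Get-AutoEnrollPolicy {     # hypothetical helper name
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment"
        $set = Get-ItemProperty -Path $key -Name AEPolicy -ErrorAction SilentlyContinue
        # AEPolicy is $null when no autoenrollment GPO setting reaches this scope.
        New-Object PSObject -Property @{ Scope = $hive; AEPolicy = $set.AEPolicy }
    }
}

# Enrollment Services holds issuing CAs; Certification Authorities holds published roots.
$cas = @(Get-PkiObject 'Enrollment Services' '(objectClass=pKIEnrollmentService)') +
       @(Get-PkiObject 'Certification Authorities' '(objectClass=certificationAuthority)')

if ($cas.Count -eq 0) {
    'No CA objects are published in Active Directory.'
} else {
    $cas | Format-Table Container, CAName, CAHost -AutoSize
    # Issuing CAs that offer the template named in the event (assumed short name).
    $cas | Where-Object { $_.Templates -contains 'SmartcardUser' } |
        Format-Table CAName, CAHost -AutoSize
}
Get-AutoEnrollPolicy | Format-Table Scope, AEPolicy -AutoSize
```

The HKCU row reflects the account running the script, so run it as the account named in the event to see the user-scope policy that applies to it.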

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Integration Management Part 2

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question