Solved

Automatic Certificate Enrollment Failed

Posted on 2009-03-30
6
706 Views
Last Modified: 2012-05-06
I seeing the following event in a number of our DC"s:

Event Type:      Error
Event Source:      AutoEnrollment
Event Category:      None
Event ID:      13
Date:            3/30/2009
Time:            3:02:39 AM
User:            N/A
Computer:      STERLINGPDC
Description:
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005).  Access is denied.

I ran the GPUpdate.exe /force but that didn't work. Do you know why this started happening and how do I fix the problem.

Thanks for your help,
David


0
Comment
Question by:DBaldarelli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 5

Expert Comment

by:gzarnick
ID: 24018096
0
 
LVL 5

Expert Comment

by:gzarnick
ID: 24018098
Run "certutil.exe -dsdel CAName"
0
 

Author Comment

by:DBaldarelli
ID: 24018144
Do I run this on the Domain Controllers showing the event or on the CA server?
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 
LVL 5

Accepted Solution

by:
gzarnick earned 250 total points
ID: 24018218
I would run it on the CA server.  

Check that out.
http://support.microsoft.com/kb/927066

It seems that a client is trying to use multiple DNS suffixes.

Also, you're answer could be within here:

http://www.eventid.net/display.asp?eventid=13&eventno=2719&source=AutoEnrollment&phase=1
0
 

Author Comment

by:DBaldarelli
ID: 24018873
Article 927066 that you sent me solved my problem. The CERTSVC_DCOM_ACCESS group was not listed for Local or Remote Access. I also added Domain Controllers to the the CERTSVC_DCOM_ACCESS group. Thank you for your help.

David
0
 

Author Closing Comment

by:DBaldarelli
ID: 31564294
Thanks for your quick response.
David
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question