XTADMIN
asked on
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b)
I have Office Communicator Server 2007 installed and working fine internally. I don't have plans to have external users. However, when laptops are taken offline, they still try to connect and they are getting a "Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b)" error in the event viewer and a "There was a problem verifying the certificate from the server" error on the screen. I know the laptop cannot contact the internal CA, but is there anyway to prevent this error from popping up with laptops are offline?
ASKER
The firewall is already disabled. What does renaming/rejoining the domain accomplish? What are the implications for changing the autoenrollment setting?
Ok, I missed that you are disconnected,
This problem may occur if the Autoenrollment feature cannot reach an Active Directory domain controller.
How to enable or disable the self-enrollment feature for a group
In Group Tools, select the group, select edit, then check or uncheck the box labeled Allow users to self-enroll in this Group, then select OK. Checking the box allows self-enrollment; unchecking it disables self-enrollment.
If you are enabling self-enrollment for the group, make sure to give self-enrolling students the group name and self-enroll password so that they can complete the process.
This problem may occur if the Autoenrollment feature cannot reach an Active Directory domain controller.
How to enable or disable the self-enrollment feature for a group
In Group Tools, select the group, select edit, then check or uncheck the box labeled Allow users to self-enroll in this Group, then select OK. Checking the box allows self-enrollment; unchecking it disables self-enrollment.
If you are enabling self-enrollment for the group, make sure to give self-enrolling students the group name and self-enroll password so that they can complete the process.
ASKER
what are group tools?
to turn off the Autoenrollment feature in the Local Group Policy, follow these steps on the local workstation:
Click Start, click Run, type gpedit.msc, and then press ENTER.
In the left pane, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
Double-click Autoenrollment Settings.
Click Do not enroll certificates automatically.
Click OK.
Repeat steps 2 through 5, but in step 2, expand User Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
Close the Group Policy window.
Click Start, click Run, type gpedit.msc, and then press ENTER.
In the left pane, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
Double-click Autoenrollment Settings.
Click Do not enroll certificates automatically.
Click OK.
Repeat steps 2 through 5, but in step 2, expand User Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
Close the Group Policy window.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
2) Remove the system from domain and restart the system.
3) Change the hostname and restart the system
4) Add the system back to domain and restart the system.
5) Login and run 'gpupdate /force' (reboot if required)
OR
TRY
http://support.microsoft.com/kb/310461