

Autoenrollment Errors

Posted on 2009-12-29
Medium Priority
Last Modified: 2013-12-01


I am attempting to resolve an autoenrollment issue.

Event Type:    Error
Event Source:    AutoEnrollment
Event Category:    None
Event ID:    13
Date:        29/12/2009
Time:        05:13:18
User:        N/A
Computer:    Server01
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x800706ba).  The RPC server is unavailable.

I found the following solution. I would like to know what permissions the groups Administrators/System and Everyone should have. Is it read only or full control?

From a newsgroup post: "Can you check what are the ACLs on the directory %system drive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys? Does it have just "Everyone"? If this is the only permission it has, then enrollment will fail. After creating the private key, enrollment removes the "Everyone" group from the permission on the private key (as it is bad to have that), however if "Everyone" is the only ACL on the key, this renders the key not accessible by anyone. You should have only Administrators and System able to access the machine private keys".
Question by:mail2clk
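
The ACL check suggested in the quoted newsgroup post, as an added PowerShell example that is not part of the original thread. It assumes the Windows Server 2003 path quoted above, an elevated prompt and PowerShell 2.0 or later; the function names are hypothetical.

```powershell
# Added example: reports the ACL condition described in the quoted newsgroup post.
# The default path is the one quoted on the page (Windows Server 2003 layout).
param(
    [string]$Path = "$env:SystemDrive\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys"
)

# Well-known SIDs, so the check does not depend on localized group names.
$Everyone = 'S-1-1-0'
$System   = 'S-1-5-18'
$Admins   = 'S-1-5-32-544'

# Hypothetical helper: SIDs that hold an Allow entry on the item.
function Get-AllowSids([string]$Item) {
    $acl = Get-Acl -Path $Item
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    $acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
}

# Hypothetical helper: classify one directory or key file.
function Test-KeyAcl([string]$Item) {
    $sids = @(Get-AllowSids $Item)
    $finding = 'OK'
    if ($sids.Count -eq 1 -and $sids[0] -eq $Everyone) {
        # The case the post warns about: once enrollment strips Everyone,
        # nobody is left with access to the key.
        $finding = 'Everyone is the only entry'
    } elseif ($sids -notcontains $System -or $sids -notcontains $Admins) {
        # Follows the post's guidance that Administrators and System have access.
        $finding = 'SYSTEM or Administrators missing'
    }
    New-Object PSObject -Property @{
        Item = $Item; AllowSids = ($sids -join ','); Finding = $finding
    }
}

# Report the directory itself, then only the key files that need attention.
Test-KeyAcl $Path
Get-ChildItem -Path $Path -Force |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object { Test-KeyAcl $_.FullName } |
    Where-Object { $_.Finding -ne 'OK' }
```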

Expert Comment

ID: 26137962
Maybe a dumb question, but do you have an NT server still on the network?

Author Comment

ID: 26138032
We have two Windows 2003 servers on each of the two sites. The CA is on one of the servers on the other site. Hope this helps.

Accepted Solution

mail2clk earned 0 total points
ID: 26151824
I managed to resolve the issue by allowing the network administrator who logs onto the server to request a certificate. This can be applied in Certification Authority. Right-click on the top container, then Properties -> Security, and give the network administrator that logs onto the server the "Request Certificate" permission. I restarted the server and autoenrollment works.


Question has a verified solution.
