Autoenrollment Errors


I am attempting to resolve an autoenrollment issue:

Event Type:    Error
Event Source:    AutoEnrollment
Event Category:    None
Event ID:    13
Date:        29/12/2009
Time:        05:13:18
User:        N/A
Computer:    Server01
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x800706ba).  The RPC server is unavailable.

I found the following solution. I would like to know what permissions the groups Administrators/System and Everyone should have. Is it read only or full control?

From a newsgroup post: "Can you check what are the ACLs on the directory %system drive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys? Does it have just "Everyone"? If this is the only permission it has, then enrollment will fail. After creating the private key, enrollment removes the "Everyone" group from the permission on the private key (as it is bad to have that), however if "Everyone" is the only ACL on the key, this renders the key not accessible by anyone. You should have only Administrators and System able to access the machine private keys".
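
The check the quoted newsgroup post asks for, as an added example that is not part of the original thread: a PowerShell script that lists the allow entries on the MachineKeys directory and flags the case where Everyone is the only one. The default path assumes the Windows Server 2003 layout from the quote, and the function name Get-MachineKeysAclReport is hypothetical.

```powershell
# Added example (not from the thread): report the ACL on the MachineKeys
# directory and flag the condition described in the quoted newsgroup post.
param(
    # Assumption: Windows Server 2003 layout, as in the quoted path. Pass -Path
    # explicitly on systems that keep the machine key store elsewhere.
    [string]$Path = (Join-Path $env:ALLUSERSPROFILE 'Application Data\Microsoft\Crypto\RSA\MachineKeys')
)

# Well-known SIDs, so the check does not depend on localized account names.
$Everyone       = 'S-1-1-0'
$Administrators = 'S-1-5-32-544'
$LocalSystem    = 'S-1-5-18'

function Get-MachineKeysAclReport {   # hypothetical helper name
    param([string]$Directory)

    if (-not (Test-Path -Path $Directory -PathType Container)) {
        throw "Directory not found: $Directory"
    }
    $acl     = Get-Acl -Path $Directory
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $allow = @($acl.GetAccessRules($true, $true, $sidType) |
               Where-Object { $_.AccessControlType -eq 'Allow' })
    $sids  = @($allow | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)

    # One line per allow ACE for manual review; fall back to the SID if the
    # account name cannot be resolved.
    foreach ($ace in $allow) {
        $name = $ace.IdentityReference.Value
        try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value } catch { }
        "ACE: {0} -> {1} (inherited: {2})" -f $name, $ace.FileSystemRights, $ace.IsInherited
    }

    # The failure condition from the quoted post: Everyone is the only entry.
    if ($sids.Count -eq 1 -and $sids[0] -eq $Everyone) {
        'FAIL: Everyone is the only entry; per the quoted post, enrollment will fail.'
    } else {
        'OK: Everyone is not the only entry on this directory.'
    }
    "Administrators entry present: {0}" -f ($sids -contains $Administrators)
    "SYSTEM entry present: {0}" -f ($sids -contains $LocalSystem)
}

Get-MachineKeysAclReport -Directory $Path
```

Run it from an elevated prompt on the server that logs the event; it only reads the ACL and changes nothing.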
mail2clk (Author) Commented:
I managed to resolve the issue by allowing the network administrator who logs onto the server to request a certificate. This can be applied in Certification Authority. Right-click on the top container, then Properties -> Security, and give the network administrator that logs onto the server the "Request Certificate" permission. I restarted the server and autoenrollment works.
Maybe a dumb question, but do you have an NT server still on the network?
mail2clk (Author) Commented:
We have two Windows 2003 servers on each of the two sites. The CA is on one of the servers on the other site. Hope this helps.
Question has a verified solution.
