Posted on 2009-12-29
I am attempting to resolve an autoenrollment issue:
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x800706ba). The RPC server is unavailable.
I found the following solution. I would like to know what permissions the groups Administrators/System and Everyone should have. Is it read only or full control?
From a newsgroup post: "Can you check what are the ACLs on the directory %system drive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys? Does it have just "Everyone"? If this is the only permission it has, then enrollment will fail. After creating the private key, enrollment removes the "Everyone" group from the permission on the private key (as it is bad to have that), however if "Everyone" is the only ACL on the key, this renders the key not accessible by anyone. You should have only Administrators and System able to access the machine private keys".
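One way to run the check the quoted newsgroup post asks for, as an added PowerShell example that is not part of the original post: it lists the allow entries on the MachineKeys directory and flags the case where Everyone is the only one. The function name and report fields are hypothetical names chosen for this illustration, and the default path is the one given in the post.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
# Get-MachineKeysAclReport and its output fields are hypothetical names.
function Get-MachineKeysAclReport {
    param(
        # Default is the directory named in the quoted newsgroup post; pass -Path to override.
        [string]$Path = (Join-Path $env:SystemDrive 'Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys')
    )

    # Well-known SIDs, so the check does not depend on localized group names.
    $known = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-32-544' = 'Administrators'
        'S-1-5-18'     = 'SYSTEM'
    }

    # Read the directory ACL with identities resolved as SIDs.
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $allow = @($rules | Where-Object { $_.AccessControlType -eq 'Allow' })
    $sids  = @($allow | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)

    # One line per allow entry so the granted rights can be reviewed by hand.
    $entries = foreach ($r in $allow) {
        $sid  = $r.IdentityReference.Value
        $name = if ($known.ContainsKey($sid)) { $known[$sid] } else { $sid }
        '{0}: {1} (inherited: {2})' -f $name, $r.FileSystemRights, $r.IsInherited
    }

    [pscustomobject]@{
        Path                 = $Path
        Entries              = @($entries)
        # The failure case described in the post: Everyone is the only entry.
        EveryoneIsOnlyEntry  = ($sids.Count -eq 1 -and $sids[0] -eq 'S-1-1-0')
        AdministratorsListed = ($sids -contains 'S-1-5-32-544')
        SystemListed         = ($sids -contains 'S-1-5-18')
    }
}

$report = Get-MachineKeysAclReport
$report | Format-List
if ($report.EveryoneIsOnlyEntry) {
    Write-Warning 'Everyone is the only entry on MachineKeys; the post says enrollment will fail in this state.'
}
```

The script only reads the ACL and changes nothing; the `Entries` lines show the rights each identity currently holds.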