Solved

2008 Active Directory server in 2003 domain certificate enrollment error

Posted on 2011-03-15
Last Modified: 2012-05-11
Experts,

I've searched through the posts here but can't find a solution. I have a 2008 server that I joined to a 2003 domain and promoted to a domain controller. It holds no FSMO roles.

Everything seemed fine, but the error below keeps coming up:

Certificate enrollment for Local system failed to enroll for a DomainController certificate from server06.domain.com\domainCertificateAuthority (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

server06 is the other DC. I have added my new DC (server7) to the CERTSVC_DCOM_ACCESS group but am not sure where to go next.

Your help is greatly appreciated.
Question by:Raymo12

Author Comment

by:Raymo12
ID: 35143320
After adding the server to the dcom access group I also performed the following on server06

   1. certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
   2. net stop certsvc
   3. net start certsvc

Maybe I just need to see where I can verify this fix? I am not sure how often the error triggers
Accepted Solution

by:Tasmant
ID: 35147101
Is there any firewall between the two servers?
Is the domain controller certificate template available in the CA?
Are you sure the domain controllers group is a member of CERTSVC_DCOM_ACCESS?
http://support.microsoft.com/kb/947237/en-us
You could find useful information in this post: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ab4ddc37-c0cf-4ff7-b42b-afa617b21eb0/
It could be a security issue with DCOM.

Author Comment

by:Raymo12
ID: 35149485
Tasmant

No firewall between servers.

Domain controller group is a member of CERTSVC_DCOM_ACCESS.

Domain controller certificate template exists in primary DC.

In following the steps from your link I do see that a certificate is installed on my new DC and it's valid. I do not see the error in the event viewer since last night. I will update later but I think the steps above may have solved it.

Author Comment

by:Raymo12
ID: 35157494
No errors. It looks like the commands after giving the server dcom_access rights as well as the verification steps outlined by Tasmant's link helped solve this issue.

Thanks!
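
The checks this thread converges on (CA reachable over RPC/DCOM, a valid certificate from the CA on the new DC, no new enrollment errors) can be run in one pass instead of waiting for the next autoenrollment cycle. This is an added example, not part of the original posts; it assumes an elevated PowerShell 2.0+ prompt on the new DC, and the 60-second wait and the event message filter are assumptions.

```powershell
# Added example; CA host and CA name are taken from the error text in the question.
$CaHost   = 'server06.domain.com'
$CaConfig = "$CaHost\domainCertificateAuthority"
$start    = Get-Date
$result   = @{}

# 1. 0x800706ba is "RPC server unavailable": first confirm the RPC endpoint
#    mapper (TCP 135) on the CA answers at all.
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect($CaHost, 135); $result['RpcPort135'] = $tcp.Connected }
catch   { $result['RpcPort135'] = $false }
finally { $tcp.Close() }

# 2. Ask the CA service itself to answer over DCOM; this is the call that the
#    CERTSVC_DCOM_ACCESS membership and the certutil -setreg step affect.
certutil -config $CaConfig -ping | Out-Null
$result['CaPing'] = ($LASTEXITCODE -eq 0)

# 3. Trigger autoenrollment now rather than waiting for the next cycle.
certutil -pulse | Out-Null
Start-Sleep -Seconds 60   # assumption: long enough for the request to complete

# 4. Look for an unexpired machine certificate issued by this CA.
$now   = Get-Date
$certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Issuer -like '*domainCertificateAuthority*' -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now
}
$result['ValidCertFromCa'] = [bool]$certs
$certs | Format-List Subject, Issuer, NotAfter, Thumbprint | Out-Host

# 5. Any enrollment failures logged since the script started? The message
#    filter is an assumption based on the error text quoted in the question.
$errors = Get-EventLog -LogName Application -EntryType Error -After $start `
              -Message '*failed to enroll*' -ErrorAction SilentlyContinue
$result['NoNewEnrollErrors'] = -not $errors

$result.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize | Out-Host
```

If `RpcPort135` is true but `CaPing` is false, the network path is fine and the remaining suspects are the DCOM permissions on the CA discussed above.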