Solved

2008 Acitive Directory server in 2003 domain certificate enrollment error

Posted on 2011-03-15
4
1,075 Views
Last Modified: 2012-05-11
Experts,

I've searched through the posts here but can't find a solution. I have 2008 server that I joined to a 2003 domain and promoted to a domain controller. It holds no FSMO roles.

Everything seemed fine but the error below keeps coming up

Certificate enrollment for Local system failed to enroll for a DomainController certificate from server06.domain.com\domainCertificateAuthority (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

server06 is the other DC. I have added my new DC (server7) to the CERTSVC_DCOM_ACCESS group but am not sure where to go next.

Your help is greatly appreciated
0
Comment
Question by:Raymo12
  • 3
4 Comments
 

Author Comment

by:Raymo12
ID: 35143320
After adding the server to the dcom access group I also performed the following on server06

   1. certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG
   2. net stop certsvc
   3. net start certsvc

Maybe I just need to see where I can verify this fix? I am not sure how often the error triggers
0
 
LVL 11

Accepted Solution

by:
Tasmant earned 500 total points
ID: 35147101
is there any firewall between the two servers?
is the domain controller certificate template available in the CA?
are you sure the domain controllers group is member of CERTSVC_DCOM_ACCESS
http://support.microsoft.com/kb/947237/en-us
you could find useful information on this post: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ab4ddc37-c0cf-4ff7-b42b-afa617b21eb0/
it could be a security issue with DCOM.
0
 

Author Comment

by:Raymo12
ID: 35149485
Tasmant

No firewall between servers

domain controller group is member of CERTSVC_DCOM_ACCESS

domain controller certificate template exists in primary dc

IN following the steps from your link I do see that a certificate is installed on my new DC and it's valid. I do not see the error in the event viewer since last night. I will update later but I think the steps above may have solved it.
0
 

Author Comment

by:Raymo12
ID: 35157494
No errors. It looks like the commands after giving the server dcom_access rights as well as the verification steps outlined by Tasmant's link helped solve this issue.

Thanks!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now