Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

2008 Acitive Directory server in 2003 domain certificate enrollment error

Posted on 2011-03-15
4
Medium Priority
?
1,081 Views
Last Modified: 2012-05-11
Experts,

I've searched through the posts here but can't find a solution. I have 2008 server that I joined to a 2003 domain and promoted to a domain controller. It holds no FSMO roles.

Everything seemed fine but the error below keeps coming up

Certificate enrollment for Local system failed to enroll for a DomainController certificate from server06.domain.com\domainCertificateAuthority (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

server06 is the other DC. I have added my new DC (server7) to the CERTSVC_DCOM_ACCESS group but am not sure where to go next.

Your help is greatly appreciated
0
Comment
Question by:Raymo12
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Author Comment

by:Raymo12
ID: 35143320
After adding the server to the dcom access group I also performed the following on server06

   1. certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG
   2. net stop certsvc
   3. net start certsvc

Maybe I just need to see where I can verify this fix? I am not sure how often the error triggers
0
 
LVL 11

Accepted Solution

by:
Tasmant earned 2000 total points
ID: 35147101
is there any firewall between the two servers?
is the domain controller certificate template available in the CA?
are you sure the domain controllers group is member of CERTSVC_DCOM_ACCESS
http://support.microsoft.com/kb/947237/en-us
you could find useful information on this post: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ab4ddc37-c0cf-4ff7-b42b-afa617b21eb0/
it could be a security issue with DCOM.
0
 

Author Comment

by:Raymo12
ID: 35149485
Tasmant

No firewall between servers

domain controller group is member of CERTSVC_DCOM_ACCESS

domain controller certificate template exists in primary dc

IN following the steps from your link I do see that a certificate is installed on my new DC and it's valid. I do not see the error in the event viewer since last night. I will update later but I think the steps above may have solved it.
0
 

Author Comment

by:Raymo12
ID: 35157494
No errors. It looks like the commands after giving the server dcom_access rights as well as the verification steps outlined by Tasmant's link helped solve this issue.

Thanks!
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question