Raymo12

asked on

2008 Active Directory server in 2003 domain certificate enrollment error

Experts,

I've searched through the posts here but can't find a solution. I have a 2008 server that I joined to a 2003 domain and promoted to a domain controller. It holds no FSMO roles.

Everything seemed fine but the error below keeps coming up

Certificate enrollment for Local system failed to enroll for a DomainController certificate from server06.domain.com\domainCertificateAuthority (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

server06 is the other DC. I have added my new DC (server7) to the CERTSVC_DCOM_ACCESS group but am not sure where to go next.

Your help is greatly appreciated
Raymo12

ASKER

After adding the server to the dcom access group I also performed the following on server06

   1. certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
   2. net stop certsvc
   3. net start certsvc

Maybe I just need to see where I can verify this fix? I am not sure how often the error triggers
ASKER CERTIFIED SOLUTION
Tasmant

ASKER

Tasmant

No firewall between servers

domain controller group is member of CERTSVC_DCOM_ACCESS

domain controller certificate template exists in primary dc

In following the steps from your link I do see that a certificate is installed on my new DC and it's valid. I have not seen the error in the event viewer since last night. I will update later but I think the steps above may have solved it.

ASKER

No errors. It looks like the commands after giving the server dcom_access rights as well as the verification steps outlined by Tasmant's link helped solve this issue.

Thanks!
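
One way to verify the fix discussed in this thread from the new DC, as an added example that is not part of the original posts or of the linked solution. The CA host and CA name are taken from the error message quoted in the question; the 60-second wait and the event-log filter on the error code are assumptions.

```powershell
# Added example: run in an elevated Windows PowerShell prompt on the new DC.
# Host and CA name come from the error text quoted in the question.
$CaHost   = 'server06.domain.com'
$CaConfig = "$CaHost\domainCertificateAuthority"

# 1. The RPC endpoint mapper on the CA (TCP 135) has to be reachable at all.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($CaHost, 135)
    Write-Host "TCP 135 on $CaHost is reachable"
} catch {
    Write-Warning "TCP 135 on $CaHost is not reachable: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}

# 2. Contact the CA's certificate request interface over DCOM,
#    the same interface the enrollment client calls.
certutil -config $CaConfig -ping
if ($LASTEXITCODE -ne 0) {
    Write-Warning "CA ping failed (certutil exit code $LASTEXITCODE)"
}

# 3. Trigger machine autoenrollment now instead of waiting for the next cycle.
$since = Get-Date
certutil -pulse
Start-Sleep -Seconds 60   # assumed wait; enrollment runs asynchronously

# 4. Look for new Application-log errors carrying the error code from the question.
$failures = Get-EventLog -LogName Application -EntryType Error -After $since -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '0x800706ba' }
if ($failures) {
    Write-Warning "Enrollment is still failing:"
    $failures | Select-Object TimeGenerated, Source, Message | Format-List
} else {
    Write-Host "No new 0x800706ba enrollment errors since $since"
}

# 5. List unexpired certificates in the computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    Select-Object Subject, Issuer, NotAfter
```

If step 1 succeeds but step 2 fails, the problem is at the DCOM layer on the CA rather than the network path, which is where the CERTSVC_DCOM_ACCESS membership and the certutil -setreg step from the thread apply.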