Solved

2008 Acitive Directory server in 2003 domain certificate enrollment error

Posted on 2011-03-15
4
1,080 Views
Last Modified: 2012-05-11
Experts,

I've searched through the posts here but can't find a solution. I have 2008 server that I joined to a 2003 domain and promoted to a domain controller. It holds no FSMO roles.

Everything seemed fine but the error below keeps coming up

Certificate enrollment for Local system failed to enroll for a DomainController certificate from server06.domain.com\domainCertificateAuthority (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

server06 is the other DC. I have added my new DC (server7) to the CERTSVC_DCOM_ACCESS group but am not sure where to go next.

Your help is greatly appreciated
0
Comment
Question by:Raymo12
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Author Comment

by:Raymo12
ID: 35143320
After adding the server to the dcom access group I also performed the following on server06

   1. certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG
   2. net stop certsvc
   3. net start certsvc

Maybe I just need to see where I can verify this fix? I am not sure how often the error triggers
0
 
LVL 11

Accepted Solution

by:
Tasmant earned 500 total points
ID: 35147101
is there any firewall between the two servers?
is the domain controller certificate template available in the CA?
are you sure the domain controllers group is member of CERTSVC_DCOM_ACCESS
http://support.microsoft.com/kb/947237/en-us
you could find useful information on this post: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ab4ddc37-c0cf-4ff7-b42b-afa617b21eb0/
it could be a security issue with DCOM.
0
 

Author Comment

by:Raymo12
ID: 35149485
Tasmant

No firewall between servers

domain controller group is member of CERTSVC_DCOM_ACCESS

domain controller certificate template exists in primary dc

IN following the steps from your link I do see that a certificate is installed on my new DC and it's valid. I do not see the error in the event viewer since last night. I will update later but I think the steps above may have solved it.
0
 

Author Comment

by:Raymo12
ID: 35157494
No errors. It looks like the commands after giving the server dcom_access rights as well as the verification steps outlined by Tasmant's link helped solve this issue.

Thanks!
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question