2008 Acitive Directory server in 2003 domain certificate enrollment error

Experts,

I've searched through the posts here but can't find a solution. I have 2008 server that I joined to a 2003 domain and promoted to a domain controller. It holds no FSMO roles.

Everything seemed fine but the error below keeps coming up

Certificate enrollment for Local system failed to enroll for a DomainController certificate from server06.domain.com\domainCertificateAuthority (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

server06 is the other DC. I have added my new DC (server7) to the CERTSVC_DCOM_ACCESS group but am not sure where to go next.

Your help is greatly appreciated
Raymo12Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
TasmantConnect With a Mentor Commented:
is there any firewall between the two servers?
is the domain controller certificate template available in the CA?
are you sure the domain controllers group is member of CERTSVC_DCOM_ACCESS
http://support.microsoft.com/kb/947237/en-us
you could find useful information on this post: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ab4ddc37-c0cf-4ff7-b42b-afa617b21eb0/
it could be a security issue with DCOM.
0
 
Raymo12Author Commented:
After adding the server to the dcom access group I also performed the following on server06

   1. certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG
   2. net stop certsvc
   3. net start certsvc

Maybe I just need to see where I can verify this fix? I am not sure how often the error triggers
0
 
Raymo12Author Commented:
Tasmant

No firewall between servers

domain controller group is member of CERTSVC_DCOM_ACCESS

domain controller certificate template exists in primary dc

IN following the steps from your link I do see that a certificate is installed on my new DC and it's valid. I do not see the error in the event viewer since last night. I will update later but I think the steps above may have solved it.
0
 
Raymo12Author Commented:
No errors. It looks like the commands after giving the server dcom_access rights as well as the verification steps outlined by Tasmant's link helped solve this issue.

Thanks!
0
All Courses

From novice to tech pro — start learning today.