We help IT Professionals succeed at work.

Is Certificate Services Required for a Single Domain with Two DCs and a 3rd Party Exchange Certificate?

Last Modified: 2012-05-11
This probably seems like a bonehead question.  I am about to upgrade from Server 2003 to Server 2008 active directory and am clearing out a couple of Event Viewer errors. One is ID 13, Autoenrollment.  Apparently I am lacking the CERTSVC_DCOM_ACCESS security group.  We have a  third party certificate for our Exchange server.  Can I finesse this simply by installing Certificate Services and making sure this security group is created?  And adding the DCs, of course.  Or will this engender some configuration headaches that might interfere with our 3rd party certificate?
Watch Question

Unlock this solution and get a sample of our free trial.
(No credit card required)


I may have found an MS support article that describes the problem and offers a solution.  ID 927066.  It says I need to run the following commands to create the missing security account. certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
net stop certsvc
net start certsvc

I just have a lingering concern that this might interfere with the settings for the 3rd party Exchange certificate.  By the way, I looked for the the certificate web site in Exchange as you suggested but cannot find it.  Will keep looking.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.