AutoEnrollment Error in Application Log


I've inherited a very messy and un-maintained network.

I'm receiving the following error every 8 hours in the Application Log of my Domain Controller:

Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005).  Access is denied.

I have googled several articles and most, if not all, deal with Certificate Authority server.  However, I do not have Certificate Authority server installed.

The server is running Windows 2003 SP2 and it is missing only recent Windows Updates.  It is the only Domain Controller.  (I forcibly removed an old DC a few weeks ago which was no longer connected to the network.  A dcpromo may have been run, but it certainly wasn't complete.)

I can find no other related error messages in any other Event Log.  The Event Logs are quite clean, with exception to this error message.

Assistance is greatly appreciated.


Who is Participating?
KaffiendConnect With a Mentor Commented:
Have you checked to see if your Active directory ever had at some point in time a CA?  (perhaps the old DC, or some other server?)

Here's some help in removing traces of old defunct CAs in Active Directory:

BTW, you *should* have a CA somewhere.  It doesn't take very much to maintain after installation, and it opens you up to possibilities such as: WPA Enterprise wireless security, IPSEC for VPNs, and others
akerriganAuthor Commented:
There appears to have never been a CA.

akerriganAuthor Commented:
Added a Certificate Authority, and the error disappeared.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.