• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 253
  • Last Modified:

AutoEnrollment Error in Application Log


I've inherited a very messy and un-maintained network.

I'm receiving the following error every 8 hours in the Application Log of my Domain Controller:

Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005).  Access is denied.

I have googled several articles and most, if not all, deal with Certificate Authority server.  However, I do not have Certificate Authority server installed.

The server is running Windows 2003 SP2 and it is missing only recent Windows Updates.  It is the only Domain Controller.  (I forcibly removed an old DC a few weeks ago which was no longer connected to the network.  A dcpromo may have been run, but it certainly wasn't complete.)

I can find no other related error messages in any other Event Log.  The Event Logs are quite clean, with exception to this error message.

Assistance is greatly appreciated.


  • 2
1 Solution
Have you checked to see if your Active directory ever had at some point in time a CA?  (perhaps the old DC, or some other server?)

Here's some help in removing traces of old defunct CAs in Active Directory:

BTW, you *should* have a CA somewhere.  It doesn't take very much to maintain after installation, and it opens you up to possibilities such as: WPA Enterprise wireless security, IPSEC for VPNs, and others
akerriganAuthor Commented:
There appears to have never been a CA.

akerriganAuthor Commented:
Added a Certificate Authority, and the error disappeared.

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now