  • Status: Solved

Computer certificates enrolling multiple times

I am having an issue with a 2008 R2 Standard Enterprise CA where computer accounts are being issued multiple certificates. Auto-enrollment is configured via group policy. The template in use is "Copy of Workstation Authentication". "Publish certificate in Active Directory" and "Do not automatically reenroll if a duplicate certificate exists in Active Directory" are both enabled on the template. It is not a widespread issue but there are usually a few a day, but not for the same computer day after day.

It may not be at all related but the event application log for this CA server frequently has the following logged:

Event 77: Classic, CertificationAuthority

The "Windows default" Policy Module logged the following warning: The Active Directory connection to CASERVER.DOMAIN.COM has been reestablished to CASERVER.DOMAIN.COM.

Your assistance is greatly appreciated.
0
cberrymd
Asked:
1 Solution
 
irweazelwallis Commented:
I have the same issue, but I don't have that warning in my event logs.
0
 
irweazelwallis Commented:
My problem was that I had the Session Host Server authentication setting enabled, and this causes the problem, i.e. when a background refresh happens it generates a new certificate.
0
 
cberrymd Author Commented:
Issue resolved by removing "Publish in DS" for workstation/computer/server templates and increasing server resources to improve performance. AD CS probably issued multiple certs due to poor connectivity with revocation information.
0
 
cberrymd Author Commented:
No answers provided. EE community did not assist.
0
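
To measure how many computers are affected by the duplicate issuance described in this thread, the CA database can be queried for machine accounts that hold more than one unexpired certificate from the same template. The script below is an added example, not something posted by the participants; it assumes it is run on the CA server in an elevated PowerShell session and that certutil prints dates in the session's current culture.

```powershell
# Added example, not from the thread. Run on the CA server in an elevated session.
# Columns are requested explicitly so the script can name them itself instead of
# relying on certutil's localized CSV header row.
$columns = 'RequestID,RequesterName,CertificateTemplate,NotBefore,NotAfter,SerialNumber'

# Disposition=20 restricts the view to issued certificates.
$rows = certutil -view -restrict 'Disposition=20' -out $columns csv |
    Where-Object { $_ -match '^"?\d' } |   # keep data rows only (they start with the request ID)
    ConvertFrom-Csv -Header RequestId, Requester, Template, NotBefore, NotAfter, Serial

$now = Get-Date

$rows |
    Where-Object { $_.Requester -like '*$' } |                  # computer accounts end in $
    Where-Object { [datetime]::Parse($_.NotAfter) -gt $now } |  # ignore expired certificates
    Group-Object Requester, Template |
    Where-Object { $_.Count -gt 1 } |                           # more than one live cert per template
    Sort-Object Count -Descending |
    ForEach-Object {
        New-Object psobject -Property @{
            Computer = $_.Group[0].Requester
            Template = $_.Group[0].Template
            Count    = $_.Count
            IssuedOn = ($_.Group | Select-Object -ExpandProperty NotBefore) -join '; '
            Serials  = ($_.Group | Select-Object -ExpandProperty Serial) -join '; '
        }
    } |
    Select-Object Computer, Template, Count, IssuedOn, Serials |
    Format-List
```

Two certificates where the newer one was issued shortly before the older one expires are usually a normal renewal; pairs issued well before expiry match the symptom in the question.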
