Computer certificates enrolling multiple times

I am having an issue with a 2008 R2 Standard Enterprise CA where computer accounts are being issued multiple certificates. Auto-enrollment is configured via group policy. The template in use is "Copy of Workstation Authentication". "Publish certificate in Active Directory" and "Do not automatically reenroll if a duplicate certificate exists in Active Directory" are both enabled on the template. It is not a widespread issue but there are usually a few a day, but not for the same computer day after day.

It may not be at all related but the event application log for this CA server frequently has the following logged:

Event 77: Classic, CertificationAuthority

The "Windows default" Policy Module logged the following warning: The Active Directory connection to CASERVER.DOMAIN.COM has been reestablished to CASERVER.DOMAIN.COM.

Your assistance is greatly appreciated.
Asked by: cberrymd
 
cberrymd (Author) commented:
Issue resolved by removing "Publish in DS" for workstation/computer/server templates and increasing server resources to improve performance. AD CS probably issued multiple certs due to poor connectivity with revocation information.
0
 
Chris commented:
I have the same issue but I don't have that warning in my event logs.
0
 
Chris commented:
My problem was that I had the Session Host Server authentication setting enabled and this causes the problem, i.e. when a background refresh happens it generates a new certificate.
0
 
cberrymd (Author) commented:
No answers provided. EE community did not assist.
0
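
An added example, not part of the thread or any poster's own code: a PowerShell (3.0 or later) check that lists computer accounts holding more than one currently valid certificate from the same template, working from an export of the CA's issued certificates (for example `certutil -view` with CSV output). The column names, the `Get-DuplicateIssuance` function name and the sample rows are assumptions constructed for illustration; rename the columns to match your own export.

```powershell
# Constructed sample rows standing in for an export of issued certificates.
# Column names are assumptions; adjust them to the headers in your export.
$sample = @'
RequestID,RequesterName,Template,NotBefore,NotAfter
101,DOMAIN\PC-0001$,Copy of Workstation Authentication,2015-03-02 08:14,2016-03-01 08:14
102,DOMAIN\PC-0002$,Copy of Workstation Authentication,2015-03-02 09:30,2016-03-01 09:30
117,DOMAIN\PC-0001$,Copy of Workstation Authentication,2015-03-02 09:44,2016-03-01 09:44
140,DOMAIN\PC-0003$,Copy of Workstation Authentication,2014-04-10 11:00,2015-04-10 11:00
163,DOMAIN\PC-0003$,Copy of Workstation Authentication,2015-03-01 11:05,2016-03-01 11:05
'@ | ConvertFrom-Csv

function Get-DuplicateIssuance {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Rows,
        [datetime] $AsOf = (Get-Date)
    )
    $Rows |
        # Keep only certificates that are inside their validity period.
        Where-Object { [datetime]$_.NotBefore -le $AsOf -and [datetime]$_.NotAfter -gt $AsOf } |
        # One group per requester and template pair.
        Group-Object RequesterName, Template |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $sorted = @($_.Group | Sort-Object { [datetime]$_.NotBefore })
            # Hours between consecutive issuances for the same requester.
            $gaps = for ($i = 1; $i -lt $sorted.Count; $i++) {
                ([datetime]$sorted[$i].NotBefore - [datetime]$sorted[$i - 1].NotBefore).TotalHours
            }
            [pscustomobject]@{
                Requester   = $sorted[0].RequesterName
                Template    = $sorted[0].Template
                ValidCerts  = $sorted.Count
                RequestIDs  = ($sorted | ForEach-Object { $_.RequestID }) -join ','
                # Heuristic: a small gap suggests repeat enrollment, a large
                # one looks like an ordinary renewal overlapping the old cert.
                MinGapHours = [math]::Round(($gaps | Measure-Object -Minimum).Minimum, 1)
            }
        }
}

# Evaluate the constructed sample as of a fixed date so the output is repeatable.
Get-DuplicateIssuance -Rows $sample -AsOf ([datetime]'2015-03-10') |
    Sort-Object MinGapHours |
    Format-Table -AutoSize
```

On the sample rows this reports PC-0001 with two certificates issued 1.5 hours apart and PC-0003 with two issued months apart, which is the renewal-overlap pattern rather than the repeat enrollment described in the question.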