Computer certificates enrolling multiple times
Posted on 2013-06-12
I am having an issue with a 2008 R2 Standard Enterprise CA where computer accounts are being issued multiple certificates. Auto-enrollment is configured via group policy. The template in use is "Copy of Workstation Authentication". "Publish certificate in Active Directory" and "Do not automatically reenroll if a duplicate certificate exists in Active Directory" are both enabled on the template. It is not a widespread issue but there are usually a few a day, but not for the same computer day after day.
It may not be at all related but the event application log for this CA server frequently has the following logged:
Event 77: Classic, CertificationAuthority
The "Windows default" Policy Module logged the following warning: The Active Directory connection to CASERVER.DOMAIN.COM has been reestablished to CASERVER.DOMAIN.COM.
Your assistance is greatly appreciated.