Solved

Certificate Services client auto-enrollment Event ID 6

Posted on 2013-12-11
4
4,516 Views
Last Modified: 2013-12-23
This is a RODC MS Standard 2008 R2 server.
The error:
Automatic certificate enrollment for domain\user failed (0x8007003a) The specified server cannot perform the requested operation.
This is different than the Event ID 6 for RPC availability.

I have checked the certs and they appear fine but not sure if I am missing something.

Any help would be great because it is the RODC in my DMZ so many services outside rely on it for auth.

Kry
0
Comment
Question by:kryanC
  • 2
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 39712248
For auto-enrollment check that the certificate template is used by a CA and that the CA service is running on this machine and reachable via RPC
Just telnet CA server from RODC on TCP 135 and check if it succeed ?
Also ensure that High TCP ports are opened from RODC to CA server (1024-656535 or 49152-65535 if CA server is 2008 and above)

http://support.microsoft.com/kb/832017#method4

Mahesh
0
 

Author Comment

by:kryanC
ID: 39724105
Thanks, telnet was good and ports are opened. Not sure but thought about deleting 509 certs in registry. Thoughts?

Kry
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39725828
Not sure why you require certificate on RODC ?

Anyways, you can directly delete certificate from Certificate Personnel store on RODC

Also you can request certificate for user manually through Certificate MMC console \ personnel certificates on RODC

Just ensure that you have root ca certificate installed on RODC in Trusted root certification authorities

Mahesh
0
 

Author Closing Comment

by:kryanC
ID: 39736336
Thanks that has cleared up the issues.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now