Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Event ID 13 16 10006 and 10016 on Windows 2003 DC's
Windows 2003 Server SP2 Enterprise Edition
I have 2 (two) DC's both the same as above
Been running great for a long time
All of a sudden I am getting these errors
On DC1
Event ID 16 AutoEnrollment
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
Event ID 13 AutoEnrollment
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
Event ID 10006 DCOM
DCOM got error "%2147942405" from the computer serv012.our.network.mydoma
activate the server:
{D99E6E74-FC88-11D0-B498-0
On DC2 This DC hold all the Roles and Runs CertMGR
Event ID 10016 DCOM
The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID
{D99E6E74-FC88-11D0-B498-0
to the user OUR\SERV011$ SID (S-1-5-21-3054588571-13414
How can I fix this?
Thanks for any help
I have 2 (two) DC's both the same as above
Been running great for a long time
All of a sudden I am getting these errors
On DC1
Event ID 16 AutoEnrollment
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
Event ID 13 AutoEnrollment
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
Event ID 10006 DCOM
DCOM got error "%2147942405" from the computer serv012.our.network.mydoma
activate the server:
{D99E6E74-FC88-11D0-B498-0
On DC2 This DC hold all the Roles and Runs CertMGR
Event ID 10016 DCOM
The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID
{D99E6E74-FC88-11D0-B498-0
to the user OUR\SERV011$ SID (S-1-5-21-3054588571-13414
How can I fix this?
Thanks for any help
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Can you verify if your servers are members of the following group
CERTSRV_DCOM_ACCESS
Please also verify that the correct permissions are on DC
go to the certificate authority manager and go to the properties of your ca go to the security tab and ensure that you allow computers to read and request certificates.
CERTSRV_DCOM_ACCESS
Please also verify that the correct permissions are on DC
go to the certificate authority manager and go to the properties of your ca go to the security tab and ensure that you allow computers to read and request certificates.
Following are members of CERTSRV_DCOM_ACCESS
Domain Computers
Domain Controllers
Domain Users
I hope you meant check Certification Authority
The security tab has
Administrators Issue and Manage Certificates and Manage CA
Authenticated Users Issue and Manage Certificates and Manage CA
Domain Admins Issue and Manage Certificates and Manage CA
Enterprise Admins Issue and Manage Certificates and Manage CA
That's it any thing missing or wrong.
Nothing has changed in a long long time
Domain Computers
Domain Controllers
Domain Users
I hope you meant check Certification Authority
The security tab has
Administrators Issue and Manage Certificates and Manage CA
Authenticated Users Issue and Manage Certificates and Manage CA
Domain Admins Issue and Manage Certificates and Manage CA
Enterprise Admins Issue and Manage Certificates and Manage CA
That's it any thing missing or wrong.
Nothing has changed in a long long time
Please grant Read & Enroll permissions to Domain computers.
Once done you can try rebooting your DC it should automatically enroll.
Once done you can try rebooting your DC it should automatically enroll.
Thanks for responding
Only permissions I have to select from are
Read
Issue and Manage Certificates
Manage CA
Request Certificates
Am I missing something here?
Only permissions I have to select from are
Read
Issue and Manage Certificates
Manage CA
Request Certificates
Am I missing something here?
Can you look at the event log of the CA.
Let's see what errrors we got when it tried to enroll for a cert.
Let's see what errrors we got when it tried to enroll for a cert.
Do you mean on the server that is running the CA?
if so getting event id 10016
The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID
{D99E6E74-FC88-11D0-B498-0
to the user OUR\SERV011$ SID (S-1-5-21-3054588571-13414
if so getting event id 10016
The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID
{D99E6E74-FC88-11D0-B498-0
to the user OUR\SERV011$ SID (S-1-5-21-3054588571-13414
That error on technet indicates a resolution:
http://technet.microsoft.com/en-us/library/cc726313%28v=ws.10%29.aspx
I however still think this looks like an enrollment error, you can give the MS fix a try.
Also what is the state of the certificate services in the service control panel on the CA server ?
http://technet.microsoft.com/en-us/library/cc726313%28v=ws.10%29.aspx
I however still think this looks like an enrollment error, you can give the MS fix a try.
Also what is the state of the certificate services in the service control panel on the CA server ?
Thanks
That relates to Windows 2008 servers this is Windows 2003
No comexp.msc file on my system
No REvoked Certificates
Issued Certificates are all green
No Pending Certificates
No Failed Certificates
That relates to Windows 2008 servers this is Windows 2003
No comexp.msc file on my system
No REvoked Certificates
Issued Certificates are all green
No Pending Certificates
No Failed Certificates
I came across this on a previous question on here:
http://www.experts-exchange.com/Security/Misc/Q_25097848.html
Did you verify the state of the service on the CA ?
http://www.experts-exchange.com/Security/Misc/Q_25097848.html
Did you verify the state of the service on the CA ?
Premium Content
You need an Expert Office subscription to comment.Start Free Trial