asked on Event ID 13 16 10006 and 10016 on Windows 2003 DC's
Windows 2003 Server SP2 Enterprise Edition
I have 2 (two) DC's both the same as above
Been running great for a long time
All of a sudden I am getting these errors
On DC1
Event ID 16 AutoEnrollment
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
Event ID 13 AutoEnrollment
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
Event ID 10006 DCOM
DCOM got error "%2147942405" from the computer serv012.our.network.mydoma
activate the server:
{D99E6E74-FC88-11D0-B498-0
On DC2 This DC hold all the Roles and Runs CertMGR
Event ID 10016 DCOM
The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID
{D99E6E74-FC88-11D0-B498-0
to the user OUR\SERV011$ SID (S-1-5-21-3054588571-13414
How can I fix this?
Thanks for any help
I have 2 (two) DC's both the same as above
Been running great for a long time
All of a sudden I am getting these errors
On DC1
Event ID 16 AutoEnrollment
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
Event ID 13 AutoEnrollment
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
Event ID 10006 DCOM
DCOM got error "%2147942405" from the computer serv012.our.network.mydoma
activate the server:
{D99E6E74-FC88-11D0-B498-0
On DC2 This DC hold all the Roles and Runs CertMGR
Event ID 10016 DCOM
The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID
{D99E6E74-FC88-11D0-B498-0
to the user OUR\SERV011$ SID (S-1-5-21-3054588571-13414
How can I fix this?
Thanks for any help
Windows Server 2003Active Directory
Last Comment
Member_2_6492660_1
ASKER
Following are members of CERTSRV_DCOM_ACCESS
Domain Computers
Domain Controllers
Domain Users
I hope you meant check Certification Authority
The security tab has
Administrators Issue and Manage Certificates and Manage CA
Authenticated Users Issue and Manage Certificates and Manage CA
Domain Admins Issue and Manage Certificates and Manage CA
Enterprise Admins Issue and Manage Certificates and Manage CA
That's it any thing missing or wrong.
Nothing has changed in a long long time
Domain Computers
Domain Controllers
Domain Users
I hope you meant check Certification Authority
The security tab has
Administrators Issue and Manage Certificates and Manage CA
Authenticated Users Issue and Manage Certificates and Manage CA
Domain Admins Issue and Manage Certificates and Manage CA
Enterprise Admins Issue and Manage Certificates and Manage CA
That's it any thing missing or wrong.
Nothing has changed in a long long time
Please grant Read & Enroll permissions to Domain computers.
Once done you can try rebooting your DC it should automatically enroll.
Once done you can try rebooting your DC it should automatically enroll.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
Thanks for responding
Only permissions I have to select from are
Read
Issue and Manage Certificates
Manage CA
Request Certificates
Am I missing something here?
Only permissions I have to select from are
Read
Issue and Manage Certificates
Manage CA
Request Certificates
Am I missing something here?
Request Certificates - Enroll
Read - Read
Read - Read
ASKER
Ok added Read and Request Certificates
Restart Both DC's or just the one with event 13 and 16?
Restart Both DC's or just the one with event 13 and 16?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Just the one with 13 and 16
ASKER
Great thanks will schedule for later have users on now.
ASKER
becraig
I was able to restart the DC
after restart the same errors appears event id 13 and 16
I was able to restart the DC
after restart the same errors appears event id 13 and 16
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Can you look at the event log of the CA.
Let's see what errrors we got when it tried to enroll for a cert.
Let's see what errrors we got when it tried to enroll for a cert.
ASKER
Do you mean on the server that is running the CA?
if so getting event id 10016
The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID
{D99E6E74-FC88-11D0-B498-0
to the user OUR\SERV011$ SID (S-1-5-21-3054588571-13414
if so getting event id 10016
The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID
{D99E6E74-FC88-11D0-B498-0
to the user OUR\SERV011$ SID (S-1-5-21-3054588571-13414
That error on technet indicates a resolution:
http://technet.microsoft.com/en-us/library/cc726313%28v=ws.10%29.aspx
I however still think this looks like an enrollment error, you can give the MS fix a try.
Also what is the state of the certificate services in the service control panel on the CA server ?
http://technet.microsoft.com/en-us/library/cc726313%28v=ws.10%29.aspx
I however still think this looks like an enrollment error, you can give the MS fix a try.
Also what is the state of the certificate services in the service control panel on the CA server ?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Also just to add additional info what do you see in
c:\windows\system32\CertEn
c:\windows\system32\CertEn
ASKER
Thanks
That relates to Windows 2008 servers this is Windows 2003
No comexp.msc file on my system
No REvoked Certificates
Issued Certificates are all green
No Pending Certificates
No Failed Certificates
That relates to Windows 2008 servers this is Windows 2003
No comexp.msc file on my system
No REvoked Certificates
Issued Certificates are all green
No Pending Certificates
No Failed Certificates
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
Thanks
The setting was default so I changed it per the article above.
Have to bounce both servers now
But not till the weekend
The setting was default so I changed it per the article above.
Have to bounce both servers now
But not till the weekend
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Ok keep me posted
ASKER
Did not have to restart the servers looks like the change fixed the problems over 24 hours no messages.
MS sent an update out today need to restart servers will do this weekend.
thanks for your help
MS sent an update out today need to restart servers will do this weekend.
thanks for your help
CERTSRV_DCOM_ACCESS
Please also verify that the correct permissions are on DC
go to the certificate authority manager and go to the properties of your ca go to the security tab and ensure that you allow computers to read and request certificates.