Domain Controller Autoenrollment Fails

TheMSsForum.com: The Microsoft Software Forum

I just installed a Win2k3 server as a second domain controller (the first
server is also running win2k3). Autoenrollment is enable in directory
services for domain controllers with the standard domain controller
certificate but autoenrollment fails with Event 13:
Automatic certificate enrollment for local system failed to enroll for one
Domain Controller Authentication certificate (0x80070005). Access is denied.

Any ideas? Thanks in advance.
Top

RE: Domain Controller Autoenrollment Fails by WongTuckWah

WongTuckWah
Thu Aug 04 23:12:01 CDT 2005

Seems like it is a DNS naming issue.

Check on the second DC whether it can resolve the dns name of the 1st DC.

HTH.
Top

Re: Domain Controller Autoenrollment Fails by David

David
Fri Aug 05 07:19:09 CDT 2005

Have you checked the CA for errors in the application log? The request was
probably rejected for a config issue with the template, etc. and the event
log on the CA is pretty descritpive in describing the problems when a
request failed.

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.



"Wong Tuck Wah" <WongTuckWah@discussions.microsoft.com> wrote in message
news:20AA39A3-40AE-40BE-8677-27084744EAEF@microsoft.com...
> Seems like it is a DNS naming issue.
>
> Check on the second DC whether it can resolve the dns name of the 1st DC.
>
> HTH.


Top

Re: Domain Controller Autoenrollment Fails by wbranscombe

wbranscombe
Fri Sep 30 09:48:11 CDT 2005


We had to add the "domain controllers" group to the
"CERTSVC_DCOM_ACCESS" group that was apparently added by 2k3 sp1.

our environment:
domain - 2k3 std. sp1, top function level, upgraded in place from 2k
CERTSVC_DCOM_ACCESS had dom users and dom computers

Hope this helps,
Wayne


--
wbranscombe
------------------------------------------------------------------------
wbranscombe's Profile: http://www.64bit-world.com/forums/member.php?u=1392
View this thread: http://www.64bit-world.com/forums/showthread.php?t=6270

Top

Re: Domain Controller Autoenrollment Fails by schneis

schneis
Fri Oct 07 21:24:06 CDT 2005


Thank you! I was experiencing this exact problem and adding the Domain
Controllers group to the CERTSVC_DCOM_ACCESS solved the problem!


--
schneis
------------------------------------------------------------------------
schneis's Profile: http://www.64bit-world.com/forums/member.php?u=1438
View this thread: http://www.64bit-world.com/forums/showthread.php?t=6270

Top