Re: Autoenrollment Failure (0x80070005) - Additional help req'd.

We have the same problem, 5 domain controllers got the domain
controller certificate, 1 dc got event id 13 every 8 hours. I also
couldn't use "certutil -ping -config <servername>". Every time I got
the access denied message.

In my case the solution, at least for the ping, was the DCOM
configuration. The DCOM wasn't running! In the start menu, choose
programs, administrative tools, component services.
Then click component services, computers and properties of my computer.
Tab default properties and check enable distributed com on this
computer.

I don't know yet if the event id 13 will not come up again, I can't
reboot the server right now, I have to wait till 8 hours are passed by.

Maybe this can help you....




Nick-Mars schreef:

> I hope this thread is still open...
>
> I've encountered the error mentioned in this post and have attempted to
> apply the fix recommended. We have several DCs, some running SP1, some not.
> One of the DCs is also a Certificate Server. On the DC that is a certificate
> server we are not getting the error in the event log but I ran the fix on
> that system. Seemed to run successfully.
>
> On another DC, the "PDC" for the domain, ran the fix and encountered the
> error:
> CertUtil: -setreg command FAILED: 0x80070002 (WIN32: 2)
> CertUtil: The system cannot find the file specified.
> This DC continues to get the error in the event viewer.
> This DC did not have SP1 applied yet. Do I need to apply the SP and then
> run the fix?
>
> On another DC, running SP1, applied the fix. Didn't seem to change
> anything. The DC was not a Certificate Server. However, this DC continues
> to report the error in the event viewer.
>
> Help will be appreciated.
>
>
>
> "Neil Hobbs" wrote:
>
> > Its been fixed in SP1, please see the following support article
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;903220
> >
> >
> >
> > "Neil Hobbs" <neil.hobbs@xxxxxxxxxxxxxxxxxxx> wrote in message
> > news:e%23XyY1r7FHA.1864@xxxxxxxxxxxxxxxxxxxxxxx
> > > Hi,
> > >
> > > I'm in the process of performing my final test deployment of a Windows
> > > Server 2003 Active Directory network.
> > >
> > > I have an Enterprise Root CA, which resides on the first domain controller
> > > SERVER01 (this is also a Global Catalog server) and this Domain Controller
> > > has successfully obtained a 'Domain Controller' certificate. But the
> > > second domain controller SERVER02 has not been able to obtain a 'Domain
> > > Controller' certificate. When this second domain controller starts up, it
> > > logs the following entry in the 'Application' event log:
> > >
> > > Source: Autoenrollment
> > > Event ID: 13
> > >
> > > Autoenrollment certificate for the local system failed to enroll for one
> > > Domain Controller certificate (0x80070005). Access is denied
> > >
> > > I have checked the TCP/IP configiration of the two domain controllers,
> > > both servers are on the same IP network; a 10.1.0.0/24 network;
> > >
> > > SERVER01 - has the IP address - 10.1.0.1/24
> > > SERVER02 - has the IP address - 10.1.0.2/24
> > >
> > > I have seen that both of the domain controllers are located in the
> > > 'DOMAIN\Domain Controllers' security group and this group has the default
> > > permissions to the 'Domain Controller Authentication' certificare template
> > > (Enroll and Autoenroll set to Allow).
> > >
> > > The rest of the configuration is the default configuration. The domain
> > > controllers and all servers are running Windows Server 2003 SP1. I have
> > > other servers, which all pickup their certificates without any issues, but
> > > no matter how many times I reboot this second domain controller it fails
> > > to get a certificate.
> > >
> > > I have performed a load of searches on the Knowledgebase and TechNet, but
> > > I can't find any article.
> > >
> > > Many thanks in advance for any solutions/advice will be most apprecaited.
> > >
> > >
> >
> >
> >

.

Relevant Pages