Re: Autoenrollment Failure (0x80070005) - Additional help req'd.



Thanks for the tip. I followed up on your suggestion. It looks like it
was/is running on our system (to tell you the truth, I didn't even know those
options were there). I'll try plugging away at the issue. Please let me
know if you resolve yours.

"Ton" wrote:

> We have the same problem, 5 domain controllers got the domain
> controller certificate, 1 dc got event id 13 every 8 hours. I also
> couldn't use "certutil -ping -config <servername>". Every time I got
> the access denied message.
>
> In my case the solution, at least for the ping, was the DCOM
> configuration. The DCOM wasn't running! In the start menu, choose
> programs, administrative tools, component services.
> Then click component services, computers and properties of my computer.
> Tab default properties and check enable distributed com on this
> computer.
>
> I don't know yet if the event id 13 will not come up again, I can't
> reboot the server right now, I have to wait until 8 hours have passed.
>
> Maybe this can help you....
>
>
>
>
> Nick-Mars wrote:
>
> > I hope this thread is still open...
> >
> > I've encountered the error mentioned in this post and have attempted to
> > apply the fix recommended. We have several DCs, some running SP1, some not.
> > One of the DCs is also a Certificate Server. On the DC that is a certificate
> > server we are not getting the error in the event log but I ran the fix on
> > that system. Seemed to run successfully.
> >
> > On another DC, the "PDC" for the domain, ran the fix and encountered the
> > error:
> > CertUtil: -setreg command FAILED: 0x80070002 (WIN32: 2)
> > CertUtil: The system cannot find the file specified.
> > This DC continues to get the error in the event viewer.
> > This DC did not have SP1 applied yet. Do I need to apply the SP and then
> > run the fix?
> >
> > On another DC, running SP1, applied the fix. Didn't seem to change
> > anything. The DC was not a Certificate Server. However, this DC continues
> > to report the error in the event viewer.
> >
> > Help will be appreciated.
> >
> >
> >
> > "Neil Hobbs" wrote:
> >
> > > It's been fixed in SP1, please see the following support article
> > >
> > > http://support.microsoft.com/default.aspx?scid=kb;en-us;903220
> > >
> > >
> > >
> > > "Neil Hobbs" <neil.hobbs@xxxxxxxxxxxxxxxxxxx> wrote in message
> > > news:e%23XyY1r7FHA.1864@xxxxxxxxxxxxxxxxxxxxxxx
> > > > Hi,
> > > >
> > > > I'm in the process of performing my final test deployment of a Windows
> > > > Server 2003 Active Directory network.
> > > >
> > > > I have an Enterprise Root CA, which resides on the first domain controller
> > > > SERVER01 (this is also a Global Catalog server) and this Domain Controller
> > > > has successfully obtained a 'Domain Controller' certificate. But the
> > > > second domain controller SERVER02 has not been able to obtain a 'Domain
> > > > Controller' certificate. When this second domain controller starts up, it
> > > > logs the following entry in the 'Application' event log:
> > > >
> > > > Source: Autoenrollment
> > > > Event ID: 13
> > > >
> > > > Autoenrollment certificate for the local system failed to enroll for one
> > > > Domain Controller certificate (0x80070005). Access is denied
> > > >
> > > > I have checked the TCP/IP configuration of the two domain controllers,
> > > > both servers are on the same IP network; a 10.1.0.0/24 network;
> > > >
> > > > SERVER01 - has the IP address - 10.1.0.1/24
> > > > SERVER02 - has the IP address - 10.1.0.2/24
> > > >
> > > > I have seen that both of the domain controllers are located in the
> > > > 'DOMAIN\Domain Controllers' security group and this group has the default
> > > > permissions to the 'Domain Controller Authentication' certificate template
> > > > (Enroll and Autoenroll set to Allow).
> > > >
> > > > The rest of the configuration is the default configuration. The domain
> > > > controllers and all servers are running Windows Server 2003 SP1. I have
> > > > other servers, which all pickup their certificates without any issues, but
> > > > no matter how many times I reboot this second domain controller it fails
> > > > to get a certificate.
> > > >
> > > > I have performed a load of searches on the Knowledgebase and TechNet, but
> > > > I can't find any article.
> > > >
> > > > Many thanks in advance; any solutions/advice will be most appreciated.
> > > >
> > > >
> > >
> > >
> > >
>
>
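
An added example, not part of any post in this thread: a PowerShell check that reads the machine-wide DCOM switch (the "Enable Distributed COM on this computer" checkbox, stored as `EnableDCOM` under `HKLM\SOFTWARE\Microsoft\Ole`) and then repeats the `certutil -ping` test. The host list, the `$CAConfig` placeholder, the `Get-DcomState` helper and the reliance on Remote Registry are assumptions.

```powershell
# Added example; run it on the DC that logs Autoenrollment event ID 13.
# Assumptions: Remote Registry is reachable on the listed hosts and the
# caller may read HKLM there. $CAConfig is a placeholder to fill in.
$Hosts    = @($env:COMPUTERNAME, 'SERVER01')   # this DC plus the CA host named in the thread
$CAConfig = '<servername>\<CA name>'           # placeholder for the CA config string

# Hypothetical helper: returns Enabled, Disabled, NotSet or Unreadable (...).
function Get-DcomState {
    param([string]$ComputerName)
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        try {
            $key   = $hklm.OpenSubKey('SOFTWARE\Microsoft\Ole')
            $value = if ($key) { $key.GetValue('EnableDCOM') } else { $null }
        } finally {
            $hklm.Close()
        }
        # The checkbox state is stored as the string "Y" or "N".
        if ($null -eq $value)       { 'NotSet' }
        elseif ($value -match '^y') { 'Enabled' }
        else                        { 'Disabled' }
    } catch {
        "Unreadable ($($_.Exception.Message))"
    }
}

$report = foreach ($h in $Hosts) {
    New-Object PSObject -Property @{ Computer = $h; DCOM = (Get-DcomState $h) }
}
$report | Format-Table Computer, DCOM -AutoSize

# Same connectivity test the thread uses; a non-zero exit code means it failed.
& certutil.exe -config $CAConfig -ping
$pingExit = $LASTEXITCODE

if ($pingExit -ne 0) {
    $bad = @($report | Where-Object { $_.DCOM -ne 'Enabled' })
    if ($bad.Count -gt 0) {
        $names = ($bad | ForEach-Object { $_.Computer }) -join ', '
        Write-Warning "certutil -ping failed (exit $pingExit); DCOM is not enabled on: $names"
    } else {
        Write-Warning "certutil -ping failed (exit $pingExit) although DCOM reads as enabled on all hosts."
    }
}
```

A change to the DCOM setting may not take effect until the affected services or the machine restart, so re-run the check after the next autoenrollment cycle.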