Re: Event ID 13 - automatic certificate enrollment error

Hi Jaycee.

If you check the Microsoft Events and Errors Message Center you'll find
the following suggestions:

No network connectivity is available
No domain controller was found
No certificate authorities are available
No certificate templates contain the READ and ENROLL permission for to
the computer or user in Active Directory

You should check the above:
Most likely you should check the permissions on the domain controller
certificate template - the access denied implies that there is
connectivity but ACL's on the template are wrong.
It could also be that you removed the template from the list of
certificates issued by the server?
To check connectivity use telnet to test for TCP port 135 as well as
the dynamically assigned certificate services port (use netstat -na on
the CA to find the port).

You'll find links for the Microsoft Events and Errors Message Center
and other resources on

http://grubletrang.com/GrubleKB.aspx

Hope this helps you solve your problem.

Kind regards
Morten Skrubbeltrang
GrubleTrang Corporation


Jaycee wrote:
> I'm receiving the following event:
>
> Event Type: Error
> Event Source: AutoEnrollment
> Event Category: None
> Event ID: 13
> Computer: SERVER01
> Description:
> Automatic certificate enrollment for local system failed to enroll for one
> Domain Controller certificate (0x80070005). Access is denied.
>
> When I open the certificates MMC and manually renew the Domain Controller
> certificate with the same key I receive the following error:
>
> The certificate request failed because of one of the following conditions:
> - The certificate request was submitted to a Certification Authority (CA)
> that is not started.
> - You do not have permissions to request certificates from the available
> CAs.
>
> The CA is started. Anyone have any ideas on how to fix this one?
>
> Thanks.

.

Relevant Pages

  • Re: Event ID 13 - automatic certificate enrollment error
    ... add Domain Controllers to it and check enroll ... > MMC for the certificate authority I can see the certificate templates ... > folder and when I select it I can then see Domain Controller on the ... > manage I can see the template Domain Controller. ...
    (microsoft.public.windows.server.active_directory)
  • Autoenrollment Failure (0x80070005) - Additional help reqd.
    ... apply the fix recommended. ... One of the DCs is also a Certificate Server. ... >> has successfully obtained a 'Domain Controller' certificate. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Autoenrollment Failure (0x80070005) - Additional help reqd.
    ... reboot the server right now, I have to wait till 8 hours are passed by. ... > apply the fix recommended. ... > One of the DCs is also a Certificate Server. ... >>> I have an Enterprise Root CA, which resides on the first domain controller ...
    (microsoft.public.windows.server.active_directory)
  • Re: Microsoft PKI: problem with autoenrollment for domain controllers
    ... Microsoft CAs are hard coded to request the Domain Controller certificate. ... WIndows SErver 2003 introduced the Domain Controller AUthentication certificate template, ...
    (microsoft.public.windows.server.security)
  • Re: Autoenrollment of Certificates
    ... This newsgroup only focuses on SBS technical issues. ... Did you install CA on the SBS Server? ... | events which led up to the point where a new certificate was created ...
    (microsoft.public.windows.server.sbs)