Re: Event ID 13 - automatic certificate enrollment error
- From: "Jaycee" <jaycee131973@xxxxxxxxxxx>
- Date: Thu, 15 Dec 2005 15:01:38 -0500
I'm having problems understanding how to set permissions. When I open the
MMC for the certificate authority I can see the certificate templates folder
and when I select it I can then see Domain Controller on the right-side
pane. However, when I view the properties it doesn't have a permissions
tab.
However, if I right click the certificate templates folder and select manage
I can see the template Domain Controller. My network is running Windows
2003 and all Domain controllers are running Windows 2003. For the Domain
Controller template it states minimum supported CA is Windows 2000 and
autoenrollment is set to Not Allowed.
Under the security tab for this template it lists the following:
Authenticated Users: READ
Domain Admins: READ, WRITE, ENROLL
Domain Controllers: READ, ENROLL
Enterprise Admins READ, WRITE, ENROLL
Enterprise Domain Controllers: READ, ENROLL
Any advice on these permissions settings would be appreciated.
Thanks.
<skrubbeltrang@xxxxxxxxx> wrote in message
news:1134674956.549145.326050@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hi Jaycee.
>
> If you check the Microsoft Events and Errors Message Center you'll find
> the following suggestions:
>
> No network connectivity is available
> No domain controller was found
> No certificate authorities are available
> No certificate templates contain the READ and ENROLL permission for to
> the computer or user in Active Directory
>
> You should check the above:
> Most likely you should check the permissions on the domain controller
> certificate template - the access denied implies that there is
> connectivity but ACL's on the template are wrong.
> It could also be that you removed the template from the list of
> certificates issued by the server?
> To check connectivity use telnet to test for TCP port 135 as well as
> the dynamically assigned certificate services port (use netstat -na on
> the CA to find the port).
>
> You'll find links for the Microsoft Events and Errors Message Center
> and other resources on
>
> http://grubletrang.com/GrubleKB.aspx
>
> Hope this helps you solve your problem.
>
> Kind regards
> Morten Skrubbeltrang
> GrubleTrang Corporation
>
>
> Jaycee wrote:
>> I'm receiving the following event:
>>
>> Event Type: Error
>> Event Source: AutoEnrollment
>> Event Category: None
>> Event ID: 13
>> Computer: SERVER01
>> Description:
>> Automatic certificate enrollment for local system failed to enroll for
>> one
>> Domain Controller certificate (0x80070005). Access is denied.
>>
>> When I open the certificates MMC and manually renew the Domain Controller
>> certificate with the same key I receive the following error:
>>
>> The certificate request failed because of one of the following
>> conditions:
>> - The certificate request was submitted to a Certification Authority (CA)
>> that is not started.
>> - You do not have permissions to request certificates from the available
>> CAs.
>>
>> The CA is started. Anyone have any ideas on how to fix this one?
>>
>> Thanks.
>
.
- Follow-Ups:
- Re: Event ID 13 - automatic certificate enrollment error
- From: Chris Patterson
- Re: Event ID 13 - automatic certificate enrollment error
- References:
- Event ID 13 - automatic certificate enrollment error
- From: Jaycee
- Re: Event ID 13 - automatic certificate enrollment error
- From: skrubbeltrang
- Event ID 13 - automatic certificate enrollment error
- Prev by Date: Microsoft
- Next by Date: Re: get attributes from AD about GPO scripts
- Previous by thread: Re: Event ID 13 - automatic certificate enrollment error
- Next by thread: Re: Event ID 13 - automatic certificate enrollment error
- Index(es):
Relevant Pages
|
