Re: Problem

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Dear Ken,
I read article 903220 and I was not able to find the group
CERTSVC_DCOM_ACCESS. While I had already performed the steps on article
899148
Do you know where the group CERTSVC_DCOM_ACCESS is located ?

Thank you for your help
Carlo




""Ken Zhao [MSFT]"" <v-kzhao@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:nHq9ePRmGHA.4164@xxxxxxxxxxxxxxxxxxxxxxxx
Hello Carlo,

Thank you for using newsgroup!

Based on my research, Windows Server 2003 SP1 introduces some enhanced
default security settings for the DCOM protocol. Specifically, Windows
Server 2003 SP1 introduces rights that give an administrator independent
control over local and remote permissions for starting COM servers,
activating COM server settings, and accessing COM servers.

Windows Server 2003 certificate services uses the DCOM protocol to provide
enrollment and administration services. Certificate services provides
several DCOM interfaces to make enrollment and administration services
available. For correct access and usage of these services, certificate
services assumes that the DCOM interfaces are set to enable remote
activation and access permissions. However, because default security
settings for DCOM are applied when you upgrade to Windows Server 2003 SP1,
you may have to update these security settings to make sure that
enrollment
and administration services are available.

By default, all DCOM interfaces in Windows Server 2003 SP1 are configured
to grant remote access permissions, remote launch permissions, and remote
activation permissions to administrators. However, when you upgrade to
Windows Server 2003 SP1, security configuration changes are made to the
global DCOM interface and to the CertSrv Request DCOM interface. These
changes are made to enable certificate services to work correctly.

For more related information, you may refer to:

903220: Description of the changes to DCOM security settings after you
install Windows Server 2003 Service Pack 1
http://support.microsoft.com/default.aspx?scid=kb;EN-US;903220

If the problem still occurs, also please try the methods in the following
article:

899148: Some firewalls may reject network traffic that originates from
Windows Server 2003 Service Pack 1-based computers
http://support.microsoft.com/default.aspx?scid=kb;EN-US;899148

Hope that helps!

Thanks & Regards,

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.





--------------------
| From: "IPGRI" <carlettus@xxxxxxxxxxxxxx>
| Subject: Problem
| Date: Mon, 26 Jun 2006 08:22:22 +0200
| Lines: 23
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uzyujjOmGHA.1676@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.active_directory
| NNTP-Posting-Host: 83-103-94-4.ip.fastwebnet.it 83.103.94.4
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.active_directory:77768
| X-Tomcat-NG: microsoft.public.windows.server.active_directory
|
| Dear All,
| I have the following error message on my Domain Controllers after I have
| installed SP1 on Windows 2003. I hope you can help me.
|
| Event Type: Error
| Event Source: AutoEnrollment
| Event Category: None
| Event ID: 13
| Date: 6/26/2006
| Time: 7:47:08 AM
| User: N/A
| Computer: SERVER2
| Description:
| Automatic certificate enrollment for local system failed to enroll for
one
| Domain Controller certificate (0x800706ba). The RPC server is
unavailable.
|
| Please note that It is very strange because there are no cert autority
on
| my domain.
|
| thank you for your help
| CArlo
|
|
|



.

Relevant Pages

  • Re: Promoting 2003 Server to DC
    ... Uninstalling SP1 or demoting to a member server fixes ... > there a fix so that I can install SP1 and keep this machine as a DC? ... unless that website posts replies back to the original Microsoft forum. ... Microsoft MVP - Windows Server Directory Services ...
    (microsoft.public.win2000.active_directory)
  • File-Browse Dialog Responds Very Slowly in IE over High Latency Link
    ... OS: Windows Server 2003, SP1 ... HOWEVER, the system is to be used over a high latency, satellite ... Sometimes taking several minutes to return the file path to the web-page containing the file input field. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: WSUS SP1
    ... I was referring to when several people downloaded the SP1 release for Windows server 2003, which was specifically NOT to be used with SBS. ... My concern is telling WSUS to check for Windows Server 2003 updates, and then knowing which of those are OK to install on SBS 2003. ...
    (microsoft.public.windows.server.sbs)
  • OWA POP3 IMAP slow failure on internet connection
    ... i have exchange server 2003 w/ sp2 running on a windows server 2003 w/ ... recently (either after install windows server sp1 or exchange sp2 or ...
    (microsoft.public.exchange.connectivity)
  • Re: Auto restart after logoff?
    ... SP1 fixes a lot of STOP errors. ... MCSE, CCEA, Microsoft MVP - Terminal Server ... SQL troubleshooting: http://sql.veranoest.net ... Windows Server 2003 Troubleshooting Stop Errors ...
    (microsoft.public.windows.terminal_services)