Re: AutoEnrollment DCs
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Tue, 4 Dec 2007 07:49:47 -0600
Did you add the Domain Controllers security group to the CERTSVC_DCOM_ACCESS
security group?
+++++++++++++
If the certification authority is installed on a domain controller,
CERTSVC_DCOM_ACCESS is created as a domain local group. The Domain Users
security group and the Domain Computers security group from the
certification authority's domain are added to CERTSVC_DCOM_ACCESS. If domain
controllers need access to this interface to request certificates from the
certification authority, you must add the Domain Controllers security group.
You must do this because domain controllers are not part of the Domain
Computers security group.
+++++++++++++
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Leezy" <leezy@xxxxxxxx> wrote in message
news:OU42l9iNIHA.5160@xxxxxxxxxxxxxxxxxxxxxxx
The article is unclear in certain parts. Where do I locate the DCOM? On
the server holding the certificate? Is that DCOM referring to Component
Services?
My cert server is on DC-01.
My problem server is DC-02.
Where should I go to tackle the autoenrollment problem on DC-02?
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:e2XGrRbNIHA.5360@xxxxxxxxxxxxxxxxxxxxxxx
If domain controllers need access to this interface to request
certificates from the certification authority, you must add the Domain
Controllers security group. You must do this because domain controllers
are not part of the Domain Computers security group.
See
http://support.microsoft.com/default.aspx?scid=kb;en-us;903220
"Leezy" <leezy@xxxxxxxx> wrote in message
news:OkJzDMYNIHA.5224@xxxxxxxxxxxxxxxxxxxxxxx
I am getting these 2 errors here on my server.
PDC has no problem with this, only the 2nd DC has this error...
Any idea how to get rid of it?
Thanks
leezy
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Date: 12/2/2007
Time: 11:23:00 PM
User: N/A
Computer: KNB-DC-02
Description:
Automatic certificate enrollment for local system failed to enroll for
one Domain Controller certificate (0x80070005). Access is denied.
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 16
Date: 12/3/2007
Time: 7:22:59 AM
User: N/A
Computer: KNB-DC-02
Description:
Automatic certificate enrollment for local system failed to renew one
Domain Controller certificate (0x80070005). Access is denied.
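
One way to check and apply the group membership discussed in this thread, as an added example that is not part of the original posts. It assumes the ActiveDirectory PowerShell module (RSAT), which is newer than the servers in the thread, and that the CA runs on a domain controller so that CERTSVC_DCOM_ACCESS is a domain local group in the directory.

```powershell
# Added example, not from the thread. Run as a domain administrator.
# Assumption: CA is on a DC, so CERTSVC_DCOM_ACCESS is a domain local
# group in AD (per the quoted KB text), not a local group on a member server.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$AccessGroup    = 'CERTSVC_DCOM_ACCESS',
    [string]$RequiredMember = 'Domain Controllers'
)

Import-Module ActiveDirectory -ErrorAction Stop

# Resolve both groups first so a typo or a missing group fails early.
$group    = Get-ADGroup -Identity $AccessGroup    -ErrorAction Stop
$required = Get-ADGroup -Identity $RequiredMember -ErrorAction Stop

# Direct members only: the KB text says to add the group itself.
$members = @(Get-ADGroupMember -Identity $group)
Write-Output "Current members of '$AccessGroup':"
$members | Sort-Object Name | ForEach-Object {
    Write-Output ("  {0} ({1})" -f $_.Name, $_.objectClass)
}

# Compare by SID string so a renamed group is still recognised.
$memberSids = $members | ForEach-Object { $_.SID.Value }
if ($memberSids -contains $required.SID.Value) {
    Write-Output "'$RequiredMember' is already a member. No change made."
}
elseif ($PSCmdlet.ShouldProcess($AccessGroup, "Add member '$RequiredMember'")) {
    Add-ADGroupMember -Identity $group -Members $required
    Write-Output "Added '$RequiredMember' to '$AccessGroup'."
    # A computer account picks up new group membership when it obtains
    # new Kerberos tickets, so restart the affected DC, then retry
    # autoenrollment there with:  certutil -pulse
}
```

Run it with -WhatIf first to see the current membership and the pending change without modifying the group.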