RE: Auto Enrollment not working for one DC
- From: joewu@xxxxxxxxxxxxxxxxxxxx ("Joe Wu [MSFT]")
- Date: Wed, 02 Jan 2008 09:39:07 GMT
Hello,
Thank you for your post, and also thanks to Jorge's inputs.
Are there two DCs in the same domain, or DCs in different domains?
Please check the following:
1. Ensure the computer account of both DCs have full control to the Domain
Controller certificate template.
You can run certtmpl.msc on the CA server and then assign the permissions.
2. Generally, the new CERTSVC_DCOM_ACCESS security group should be
generated if the DC applies Windows Server 2003 SP1. Please check whether
this account exists.
If you can find it, we can have Certificate Services update the DCOM
security settings by running the following commands:
certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
net stop certsvc
net start certsvc
Hope this helps. Thanks!
Regards,
Joe Wu
Microsoft Online Partner Support
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================
.
- Follow-Ups:
- RE: Auto Enrollment not working for one DC
- From: Baboon
- RE: Auto Enrollment not working for one DC
- Prev by Date: Re: Auto Enrollment not working for one DC
- Next by Date: two domains, two sites
- Previous by thread: Re: Auto Enrollment not working for one DC
- Next by thread: RE: Auto Enrollment not working for one DC
- Index(es):
Relevant Pages
|
