Re: LDAP over SSL



Thanks for the reply.

Somehow I missed errors in the Application log for AutoEnrollment like the
below.

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Date: date
Time: time
User: N/A
Computer: computer_name
Description: Automatic certificate enrollment for local system failed to
enroll for one Directory Email Replication certificate (0x80070005). Access
is denied. For more information, see Help and Support Center at
http://support.microsoft.com.

All is now sorted thanks to:

http://support.microsoft.com/kb/903220

"Jorge de Almeida Pinto [MVP - DS]" wrote:

either rebooting the machine OR executing GPUPDATE /FORCE should kick the
enrollment process

also check the event log for any errors

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
"jmedd" <jmedd@xxxxxxxxxxxxxxxx> wrote in message
news:D10CBA72-F464-4E84-A5FC-87948CB75F84@xxxxxxxxxxxxxxxx
In our lab environment I have implemented the below on a Win2K3 DC:

http://support.microsoft.com/kb/247078

In the article it states:

'All Domain Controllers in the forest will automatically enroll for and
install the appropriate certificate'

The domain controller certificate is present on the DC where I have
installed the CA and I can connect LDP on port 636.

However, no certificate is appearing on the second DC. Is there something I
need to do to kickstart the process?

