PLEASE HELP: Autoenrollment Failure (0x80070005) for Additional Domain Controller W2K3



Hi,

I'm in the process of performing my final test deployment of a Windows
Server 2003 Active Directory network.

I have an Enterprise Root CA, which resides on the first domain controller
SERVER01 (this is also a Global Catalog server) and this Domain Controller
has successfully obtained a 'Domain Controller' certificate. But the second
domain controller SERVER02 has not been able to obtain a 'Domain Controller'
certificate. When this second domain controller starts up, it logs the
following entry in the 'Application' event log:

Source: Autoenrollment
Event ID: 13

Autoenrollment certificate for the local system failed to enroll for one
Domain Controller certificate (0x80070005). Access is denied

I have checked the TCP/IP configuration of the two domain controllers; both
servers are on the same IP network, a 10.1.0.0/24 network:

SERVER01 - has the IP address - 10.1.0.1/24
SERVER02 - has the IP address - 10.1.0.2/24

I have seen that both of the domain controllers are located in the
'DOMAIN\Domain Controllers' security group and this group has the default
permissions to the 'Domain Controller Authentication' certificate template
(Enroll and Autoenroll set to Allow).

The rest of the configuration is the default configuration. The domain
controllers and all servers are running Windows Server 2003 SP1. I have
other servers, which all pick up their certificates without any issues, but
no matter how many times I reboot this second domain controller it fails to
get a certificate.

I have performed a load of searches on the Knowledgebase and TechNet, but I
can't find any article.

Many thanks in advance; any solutions/advice will be most appreciated.


