Re: PLEASE HELP: Autoenrollment Failure (0x80070005) for Additional Domain Controller W2K3



I've just found this support article...

http://support.microsoft.com/default.aspx?scid=kb;en-us;903220

It's been fixed in SP1...



"Neil Hobbs" <neil.hobbs@xxxxxxxxxxxxxxxxxxx> wrote in message
news:ejVSS2r7FHA.3876@xxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> I'm in the process of performing my final test deployment of a Windows
> Server 2003 Active Directory network.
>
> I have an Enterprise Root CA, which resides on the first domain controller
> SERVER01 (this is also a Global Catalog server) and this Domain Controller
> has successfully obtained a 'Domain Controller' certificate. But the second
> domain controller SERVER02 has not been able to obtain a 'Domain Controller'
> certificate. When this second domain controller starts up, it logs the
> following entry in the 'Application' event log:
>
> Source: Autoenrollment
> Event ID: 13
>
> Autoenrollment certificate for the local system failed to enroll for one
> Domain Controller certificate (0x80070005). Access is denied
>
> I have checked the TCP/IP configuration of the two domain controllers, both
> servers are on the same IP network; a 10.1.0.0/24 network;
>
> SERVER01 - has the IP address - 10.1.0.1/24
> SERVER02 - has the IP address - 10.1.0.2/24
>
> I have seen that both of the domain controllers are located in the
> 'DOMAIN\Domain Controllers' security group and this group has the default
> permissions to the 'Domain Controller Authentication' certificate template
> (Enroll and Autoenroll set to Allow).
>
> The rest of the configuration is the default configuration. The domain
> controllers and all servers are running Windows Server 2003 SP1. I have
> other servers, which all pickup their certificates without any issues, but
> no matter how many times I reboot this second domain controller it fails to
> get a certificate.
>
> I have performed a load of searches on the Knowledgebase and TechNet, but I
> can't find any article.
>
> Many thanks in advance for any solutions/advice will be most appreciated.
>
>
>




