Re: Certsrv and Autoenrollment problem
- From: v-branee@xxxxxxxxxxxxxxxxxxxx ("Brandy Nee [MSFT]")
- Date: Tue, 27 Dec 2005 06:41:05 GMT
Hello Karl,
Merry Christmas and Happy New Year!!!
I am glad to see you back and heard your have solved the issue. Actually, I
have replied your original post on 19th Dec. I am not sure whether you see
it or not.
Regarding your current issue autoenrollment and RPC filter problem, could
you please explain in detail what exact issue you are experiencing now?
Here, I have following suggestions for you, please see:
First, we install Hotfix 887222:
887222 The ISA Server RPC filter blocks RPC traffic after Windows Server
2003 Service Pack 1 is installed on a computer that is running ISA Server
2004 or ISA Server 2000
http://support.microsoft.com/?id=887222
If you are running ISA Server 2004, please install ISA Server 2004 Service
Pack 1 (SP1).
If you are running ISA Server 2000, please install hotfixes described
inside.
Secondly, apply this hotfix 897716:
897716 RPC data may be blocked, and Outlook may not start in Windows Server
http://support.microsoft.com/?id=897716
Finally, please check the KB artcle:
833704 "The certificate request failed because of one of the following
conditions" error message when you request a certificate in ISA Server 2004
http://support.microsoft.com/default.aspx?scid=kb;en-us;833704
Please take your time to perform the steps. If you have any updates, please
feel free to let me know. I am glad to be of further assistance!
Best regards,
Brandy Nee
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Karl Middleton" <nospam@xxxxxxxxxx>
>References: <#vuZ8#HBGHA.344@xxxxxxxxxxxxxxxxxxxx>
>Subject: Re: Certsrv and Autoenrollment problem
>Date: Mon, 26 Dec 2005 19:08:10 +1100
>Lines: 150
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>X-RFC2646: Format=Flowed; Response
>Message-ID: <#cmfEOfCGHA.3812@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: 203-214-47-60.dyn.iinet.net.au 203.214.47.60
>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:232420
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Got no answers to this one so I guess I must be the first!
>
>I think I solved this one myself.
>
>I loaded the certtmpl.msc console and had a look at the certificates.
Guess
>what? I got a whole lot of access denied messages. A sure indicator of
>broken security.
>
>So after finding some obscure references on eventid.net I applied the same
>logic to my problem and loaded ADSIEdit from the support tools. I
navigated
>down the Configuration tree until I found the PKI stuff. In there was an
>Active Directory listing of the certificates that also appeared in the
>certtmpl.msc console.
>
>Using a known good SBS site, I manually one by one made the security
setting
>identical between my broken server and the good server.
>
>A reboot and the problem was gone.
>
>The only issue remaining is that I am still getting the autoenrollment
>problem. If I turn off the RPC filter in ISA 2004 it goes away.However I
>suspect that turning off the RPC filter will break something else. It may
>be coincidental with my certsvc problems. IE: some certificates were due
to
>expire anyway and ISA would have blocked them anyway. I doubt that I will
be
>able to accurately determine this until the certificates next try to renew
>and consequently try to autoenroll.
>
>Can anyone shed any light on what the RPC filter and certificates issue
>might be?
>
>TIA
>Karl from Oz
>
.
- References:
- Certsrv and Autoenrollment problem
- From: Karl Middleton
- Re: Certsrv and Autoenrollment problem
- From: Karl Middleton
- Certsrv and Autoenrollment problem
- Prev by Date: Re: Clients not able to login to Domain
- Next by Date: RE: ICW error 8007005
- Previous by thread: Re: Certsrv and Autoenrollment problem
- Next by thread: SMTP Routing
- Index(es):
Relevant Pages
|
