RE: AutoEnrollment Error Event 13
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Thu, 26 Jun 2008 06:52:21 GMT
Hello Steve,
Thank you for posting here.
According to your description, I understand that you get event error 13
"Automatic certificate enrollment for local system failed to enroll for one
Domain Controller certificate (0x80040154). Class not registered" on your
SBS 2003. If I have misunderstood the problem, please don't hesitate to let
me know.
Based on my research, the corrupted certificate on SBS may cause this
issue. I suggest we try the following steps to see if we can resolve this
issue:
1. Set the AutoEntolment group policy on SBS:
a. Select Start > Administrative Tools > Domain Controller Security Policy
b. Selected Public Key Policies, double click Autoenrollment settings,
select "Do not enroll certificates automatically", click OK.
c. Then, monitor this issue for a period of time.
If the issue persists, please go to the following steps:
2. To stop these errors from occurring we need to remove the left over
Certificate Authority entries from Active Directory.
To do this we used the command: "certutil -dsdel"
For detail steps, please refer to the following KB:
How to remove manually Enterprise Windows Certificate Authority from
Windows 2000/2003 Domain
http://support.microsoft.com/kb/555151
Then, test this issue. If the issue persists, please go to the following
steps:
3. Check the following object in Active Directory:
Warning: If you use the ADSI Edit snap-in, the LDP utility, or any other
LDAP version 3 client, and you incorrectly modify the attributes of Active
Directory objects, you can cause serious problems. These problems may
require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows
Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server
2003, or both Windows and Exchange. Microsoft cannot guarantee that
problems that occur if you incorrectly modify Active Directory object
attributes can be solved. Modify these attributes at your own risk.
a. Install the windows server 2003 support tools on SBS
b. Run command "adsiedit.msc" to open the following location:
"cn=enrollment services,cn=public key
services,cn=services,Cn=configeration,DC=domain,DC=com"
c. If there is object under this location that were enterprise CA that no
longer existed, please delete it.
Note: Before you delete these objects get a system state backup in case the
CA is a valid CA.
If we cannot resolve the issue after we perform the steps above, please
help me collect some information for further investigation:
1. Do you have any other symptom about this issue?
2. Gather MPS network report on SBS:
a. Download MPSrepot_network from
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE
b. Run MPSRPT_NETWORK.exe.
c. The tool will automatically collect the information. This procedure will
take 10~15 minutes.
d. Open Windows Explorer, navigate to the folder:
%SystemRoot%\MPSReports\Network\Reports\Cab\
e. Send the .cab file directly to me at v-terliu@xxxxxxxxxxxxx
I hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: AutoEnrollment Error Event 13Gpupdate.exe
thread-index: AcjWMoWzi6sKmCDRQNapivlyVWeeQA==
X-WBNR-Posting-Host: 65.55.21.8
From: =?Utf-8?B?U3RldmUgTG91aWU=?= <SteveLouie@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: AutoEnrollment Error Event 13
Date: Tue, 24 Jun 2008 12:43:05 -0700
Lines: 29
Message-ID: <8DD1DD4D-0195-4819-AB47-6A3AA7ABF7E9@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
Newsgroups: microsoft.public.windows.server.sbs
Path: TK2MSFTNGHUB02.phx.gbl
Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:112912
NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
X-Tomcat-NG: microsoft.public.windows.server.sbs
Hi,
I have Small Business Server 2003 SP2. I have been getting this message
since the server was setup last year. Here is the entire message
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Date: 6/24/2008
Time: 3:57:52 AM
User: N/A
Computer: WATSERVER
Description:
Automatic certificate enrollment for local system failed to enroll for one
Domain Controller certificate (0x80040154). Class not registered
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
I went to the link and and followed the instructions to do the
/force but that did not address the problem.
any ideas hot to address the issue. i believe this might have to do with
some performance issues on my network and logon issues.
thanks,
Steve Louie
.
- Prev by Date: RE: MSXML 4.0 SP2 will not install on Win SBS2K3 Standard
- Next by Date: Slow SBS Backups
- Previous by thread: Re: Exchange emails ending up in Outlook 2007 junk folder
- Next by thread: Slow SBS Backups
- Index(es):
Relevant Pages
|
