Jun 21, 2013
 

The following error messages appear in the Application event log on both Windows 2003 and Windows 2008 servers:

Windows 2003 R2

EVENT LOG Application
EVENT TYPE Error
SOURCE AutoEnrollment
EVENT ID 13
COMPUTERNAME PEFP
DATE / TIME 6/21/2013 7:35:44 AM
MESSAGE Automatic certificate enrollment for local system failed to enroll for one Domain Controller Authentication certificate (0x80070005). Access is denied.

Windows 2008 R2

 

EVENT LOG Application
EVENT TYPE Error
OPCODE Spooler Operation Succeeded
SOURCE Microsoft-Windows-CertificateServicesClient-CertEnroll
EVENT ID 13
USERNAME NT AUTHORITY\SYSTEM
COMPUTERNAME DBNFPAD
DATE / TIME 2013/06/21 11:26:44 AM
MESSAGE Certificate enrollment for Local system failed to enroll for a DirectoryEmailReplication certificate with request ID N/A from ????\????-CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

 

Checked the following on the CA server

  1. Ensure that the “Authenticated Users” group is a member of the “Certificate Service DCOM Access” group.
  2. Check the DCOM Access Limit of “My Computer” of the DC
    • On the server, run dcomcnfg.exe.
    • In the Component Services console, navigate to Component Services\Computers\My Computer.
    • Right-click My Computer, select Properties, and verify that Enable Distributed COM on this computer is selected on the Default Properties tab.
    • Click the COM Security tab, click Edit Limits in the Access Permission section, and ensure that Everyone and Certificate Service DCOM Access have Local Access and Remote Access permissions.
    • Click Edit Limits in the Launch and Activation Permission section and ensure that the Certificate Service DCOM Access group has Local Activation and Remote Activation permissions.
    • Click OK.
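
The same settings can be read without the GUI. The PowerShell below is an added example, not part of the original post: it assumes an elevated session on the server being checked and an English-language group listing, and it reads the registry values EnableDCOM, MachineAccessRestriction and MachineLaunchRestriction under HKLM\SOFTWARE\Microsoft\Ole, where Windows stores the machine-wide DCOM settings that dcomcnfg displays. The function name Get-DcomLimit is hypothetical.

```powershell
# Added example: read-only audit of the DCOM settings checked in the steps above.
$group = 'Certificate Service DCOM Access'   # group name as given in the steps
$ole   = 'HKLM:\SOFTWARE\Microsoft\Ole'      # machine-wide DCOM settings

# COM_RIGHTS_* access-mask bits. In the Access limits, Execute* is shown in
# dcomcnfg as Local/Remote Access; in the Launch limits, Execute* is
# Local/Remote Launch and Activate* is Local/Remote Activation.
$bits = @{ 2 = 'ExecuteLocal'; 4 = 'ExecuteRemote'; 8 = 'ActivateLocal'; 16 = 'ActivateRemote' }

# Hypothetical helper: decode one of the "Edit Limits" security descriptors.
function Get-DcomLimit([string]$ValueName) {
    $bytes = (Get-ItemProperty -Path $ole -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if (-not $bytes) { Write-Warning "$ValueName is not present under $ole"; return }
    # The value is a binary security descriptor; walk its DACL.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList ([byte[]]$bytes), 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }   # unresolvable SID: show it raw
        $granted = $bits.Keys | Sort-Object |
                   Where-Object { $ace.AccessMask -band $_ } |
                   ForEach-Object { $bits[$_] }
        New-Object psobject -Property @{
            Limit = $ValueName; Account = $name; Type = $ace.AceType; Rights = ($granted -join ', ')
        }
    }
}

# Step 1: is Authenticated Users a member of the group?
$members = net localgroup $group 2>$null
if ($members -match 'Authenticated Users') { "OK: Authenticated Users is in '$group'" }
else { Write-Warning "Authenticated Users not listed in '$group'" }

# Step 2: "Enable Distributed COM on this computer" (Y means enabled).
"EnableDCOM = $((Get-ItemProperty -Path $ole).EnableDCOM)"

# Step 2: the two "Edit Limits" ACLs on the COM Security tab.
'MachineAccessRestriction', 'MachineLaunchRestriction' |
    ForEach-Object { Get-DcomLimit $_ } |
    Format-Table Limit, Account, Type, Rights -AutoSize
```

In the output, the MachineAccessRestriction rows for Everyone and Certificate Service DCOM Access should show ExecuteLocal and ExecuteRemote, and the MachineLaunchRestriction row for Certificate Service DCOM Access should show ActivateLocal and ActivateRemote.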

     

Done!
