Auto Enrollment Event ID: 13 Failed to enroll ... Certific..

Toggle sidebar Toggle sidebar
F

fred

Distinguished
Mar 30, 2004
916
0
18,980
Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

I get these error messages on a windows 2003 server domain controller
every 8 hour, Is it something I should be worry about I didn't find any
clue anywhere
---------------------------------------------------------
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Date: 9/10/2005
Time: 3:04:21 AM
User: N/A
Computer: HQ-SRV02
Description:
Automatic certificate enrollment for local system failed to enroll for
one Directory Email Replication certificate (0x80070005). Access is
denied.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
--------------------------------------------------------
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Date: 9/10/2005
Time: 3:04:21 AM
User: N/A
Computer: HQ-SRV02
Description:
Automatic certificate enrollment for local system failed to enroll for
one Domain Controller Authentication certificate (0x80070005). Access
is denied.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
--------------------------------------------------------

I will appreciate any help on this

TA
Fred
 
Archived from groups: microsoft.public.win2000.security (More info?)

In article <1126340306.952719.177790@g47g2000cwa.googlegroups.com>, in
the microsoft.public.win2000.security news group, Fred
<shahvalian@gmail.com> says...

> I get these error messages on a windows 2003 server domain controller
> every 8 hour, Is it something I should be worry about I didn't find any
> clue anywhere
>

I'm assuming that this is with Windoes Server 2003 SP1? If so, this is
why it is important to actually read the Release Notes that accompany
service packs.

http://support.microsoft.com/default.aspx/kb/889101
#XSLTH4213121122120121120120

or

http://tinyurl.com/cecma

In a nut shell you need to add your domain controllers to the
CERTSVC_DCOM_ACCESS group.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
 
I have added domain controllers to the CERTSVC_DCOM_ACCESS group; I have run certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG then stopped and restarted the CA. But the autoenrollment is still failing for my new domain controller.

HELP!
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom