Announcement

Collapse
No announcement yet.

AutoEnrollment Error

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AutoEnrollment Error

    Hi,

    For the past 2 days, users have been complaining that sometimes they can not access a shared folder on one of our DCs. This DC is a Win2K Server.

    When i try to access the server using the UNC path, i get a message saying that the server is unavailable.

    When i restart the client PC, it usually fixes the problem but it is becoming very frequent. I am finding the errors below in the Event Log:


    Event Type: Error
    Event Source: AutoEnrollment
    Event Category: None
    Event ID: 15
    Date: 25/02/2009
    Time: 13:23:20
    User: N/A
    Computer: PC01
    Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.


    Event Type: Error
    Event Source: AutoEnrollment
    Event Category: None
    Event ID: 13
    Date: 25/02/2009
    Time: 13:24:46
    User: domain\username
    Computer: PC01
    Description: Automatic certificate enrollment for domain\username failed to enroll for one Basic EFS certificate (0x80070005). Access is denied.

    The previous administrator had installed a CA on one of the servers which i doubt is working well. Do you think it has something to do with this error? I would like to remove this CA too.

    Any help would be greatly appreciated. Thanks.

  • #2
    Re: AutoEnrollment Error

    Yes, it will have something to do with it. As the certificate for the PC is not enrolled, the server will be refusing connecton.

    As you said, either you remove the CA and remove the GPO policy assigning the certificates or you need to check the permissions on the certificate template being used by the PCs and users.

    This should point you in the right direction.

    http://technet.microsoft.com/en-us/l.../cc736358.aspx

    It's w2k3 but you should be able to load the certificate store into MMC for the server and check/set the appropriate read and enroll settings for your groups.
    Last edited by Virtual; 25th February 2009, 19:08.

    Comment


    • #3
      Re: AutoEnrollment Error

      I am receiving the Event ID: 13 on all client machines. Any ideas?

      I checked the CA and made sure domain users, domain computers, and DC's have read and request rights.

      Here is the specific error:
      Automatic certificate enrollment for local system failed to enroll for one Computer certificate (0x80070005). Access is denied.

      Comment

      Working...
      X