
Certification authority

Discussion in 'Windows Home Server' started by ted185, May 19, 2009.

  1. ted185

    ted185 Guest

    I have a certification authority running on a Windows 2008 server. I can
    access with web servers and make requests for certificates but I can not
    request a domain controller certificate.

    I get

    Event Type: Error
    Event Source: AutoEnrollment
    Event Category: None
    Event ID: 13
    Date: 5/19/2009
    Time: 9:12:44 AM
    User: N/A
    Computer: DACTYL
    Description:
    Automatic certificate enrollment for local system failed to enroll for one
    Domain Controller certificate (0x800706ba). The RPC server is unavailable.


    I have disabled the firewall and would like help in diagnosing this issue.

    thank you

    Ted
     
  2. Hello ted185,

    Is the CA service started? Is the DC on the same subnet? Can you ping between
    them with ip address, computername and FQDN?

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
     
  3. ted185

    ted185 Guest

    Yes, the CA service is started. I can get certificates for web servers from it.

    The two domain controllers are 73.17 and 73.23, so yes, they are on the same
    subnet.

    I can update Active Directory settings in one and the other sees the
    updates. They are my DNS servers and if I update DNS on one it gets
    updated to the other.

    The server is sol on the domain apollo13 and I can ping sol.apollo13 from
    the computer hyperion4.

    Sol has the CA running on it.

    Ted
     
  4. ted185

    ted185 Guest

    I have attempted the following, which did not resolve the issue:
    > 1. Please check to ensure that a new security group, CERTSVC_DCOM_ACCESS, has been created after Windows
    > Server 2003 SP1 or later has been applied.
    > 2. Please add the "Domain Users", "Domain Computers", "Domain Controllers" groups to the new
    > CERTSVC_DCOM_ACCESS security group.
    > 3. Then we can have Certificate Services update the DCOM security settings by running the following commands:
    >
    > certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
    > net stop certsvc
    > net start certsvc


    1. In the Certificate Templates snap-in, right-click the certificate template
    “Domain Controller Authentication” and ensure that the Domain Controllers and
    ENTERPRISE DOMAIN CONTROLLERS groups have the Enroll and Autoenroll
    permissions, and that Authenticated Users has Read permission.

    2. Verify that Authenticated Users is member of the Certificate Service
    DCOM Access group.

    3. Ensure that there is no firewall blocking the connection. To verify
    it, you may use the utility portqry.

    PortQryUI - User Interface for the PortQry Command Line Port Sc
    http://www.microsoft.com/downloads/...37-1ea6-4569-aabb-f248f4bd91d0&displaylang=en

    PortQryUI shows all ports are open and accessible.
     
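Added example, not part of the original thread: a read-only PowerShell pass over the client-side checks discussed above (the Event ID 13 error code, name resolution, the RPC endpoint mapper, and the CA's request interface). It assumes PowerShell 3.0 or later on Windows Server 2008 or later; `$CaName` is a placeholder because the thread never gives the CA's common name, and `Expand-HResult` is a helper name made up for this example.

```powershell
# Added example; read-only. Run elevated on the DC that logs Event ID 13.
$CaHost = 'sol.apollo13'        # CA server name as given in the thread
$CaName = '<CA-common-name>'    # placeholder: the thread never states it

# Split an HRESULT such as 800706ba into facility and code.
# Facility 7 (FACILITY_WIN32) means the low 16 bits are a plain Win32 error.
function Expand-HResult([string]$Hex) {
    $value    = [Convert]::ToInt64($Hex, 16)
    $facility = ($value -shr 16) -band 0x7FF
    $code     = [int]($value -band 0xFFFF)
    $text     = if ($facility -eq 7) { ([ComponentModel.Win32Exception]$code).Message }
    [pscustomobject]@{ Facility = $facility; Code = $code; Text = $text }
}

# 1. Most recent autoenrollment failure and what its error code means.
$evt = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 13 } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*AutoEnrollment*' } |
    Select-Object -First 1
if ($evt -and $evt.Message -match '\(0x([0-9a-fA-F]{8})\)') {
    Expand-HResult $Matches[1] | Format-List
}

# 2. Name resolution, then TCP 135 (RPC endpoint mapper) on the CA.
[Net.Dns]::GetHostAddresses($CaHost) | ForEach-Object { "resolves to $_" }
$tcp = New-Object Net.Sockets.TcpClient
try     { $tcp.Connect($CaHost, 135); 'TCP 135 reachable' }
catch   { "TCP 135 failed: $($_.Exception.Message)" }
finally { $tcp.Close() }

# 3. An open port 135 only proves the endpoint mapper answers; the CA's
#    request interface listens on a dynamically assigned RPC port.
#    certutil -ping contacts that interface over RPC/DCOM.
certutil -config "$CaHost\$CaName" -ping
"certutil -ping exit code: $LASTEXITCODE"

# 4. On the CA itself (not on this DC), list who may make DCOM calls to it.
#    Group name as used in the post above; uncomment when running on the CA.
# net localgroup "Certificate Service DCOM Access"
```

`certutil -ping` runs with the credentials of the logged-on user, while the failed enrollment in Event ID 13 ran as local system, so a successful ping here does not by itself clear the computer account's DCOM access.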
