Event ID 13 Autoenrollment failed

By otaku_lord
Here are the full errors:

Automatic certificate enrollment for local system failed to enroll for one Domain Controller Authentication certificate (0x800706ba). The RPC server is unavailable.

Automatic certificate enrollment for local system failed to enroll for one Directory Email Replication certificate (0x800706ba). The RPC server is unavailable.

I have inherited these errors so I can only tell you what I have done so far.

1. The Domain Controllers/Admins/Computers have been added to the CERTSVC_DCOM_ACCESS security group. Then ran the following commands:
"certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG"
"net stop certsvc && net start certsvc"

2. CA (Certificate Authority) has been installed on the primary DC. At one point it was installed on a previous DC but that DC was rebuilt and no longer exists. I have removed all mention of that DC in AD (that I know of).

3. Domain Controllers/Admins/Computers have been added to Security group under PROPERTIES in the CA.

So far, nothing has worked. I am still getting the event on my primary DC. I am also receiving KDC warnings on several computers with a message stating basically that the certificates are no longer valid and when attempting to retrieve new ones the server couldn't be found or didn't respond.

I am open to any and all suggestions at this point. I appreciate any help you might suggest.

All Answers

Are you sure that these affected computers

by OH Smeg In reply to Event ID 13 Autoenrollmen ...

Can actually communicate with this server?

It sounds as if they are not reaching the server to begin with.

Col

Absolutely...

by otaku_lord In reply to Are you sure that these a ...

as this is the PDC for the domain. It resolves DNS correctly as well as reverse DNS. It also handles all Active Directory.

Forgot to say in reply...

by otaku_lord In reply to Are you sure that these a ...

that these errors are on the same machine as the PDC. The errors I am getting from the secondary DC are as follows:

EVENT ID 20
The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain's public key infrastructure. The chain status is in the error data.

Check time on servers

by sigmapi71 In reply to Forgot to say in reply...

Are you sure time is synchronized? Set the same NTP on the servers, so they have the same time and the same NTP stratum.
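
One check that fits the symptoms in this thread (a CA that used to live on a DC that no longer exists, and 0x800706ba during autoenrollment) is to list every CA still published in AD and test whether its host resolves and answers on the RPC endpoint mapper. This is an added example, not part of the original posts; it assumes the ActiveDirectory RSAT module on a domain-joined machine, and the function name is hypothetical.

```powershell
# Added example: enumerate the CAs that autoenrollment clients discover in AD
# and test whether each published host is still reachable.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined machine.
Import-Module ActiveDirectory

function Test-PublishedCa {
    # Enrollment services are published in the forest-wide Configuration partition.
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $base = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNc"

    Get-ADObject -SearchBase $base -SearchScope OneLevel `
        -LDAPFilter '(objectClass=pKIEnrollmentService)' `
        -Properties dNSHostName, certificateTemplates |
    ForEach-Object {
        $caHost   = $_.dNSHostName
        $resolves = [bool](Resolve-DnsName -Name $caHost -ErrorAction SilentlyContinue)

        # TCP 135 is the RPC endpoint mapper. A pass here does not prove the
        # dynamic RPC ports are open, but a failure matches 0x800706ba.
        $rpc = $false
        if ($resolves) {
            $rpc = (Test-NetConnection -ComputerName $caHost -Port 135 `
                        -WarningAction SilentlyContinue).TcpTestSucceeded
        }

        # certificateTemplates holds template common names; these two are the
        # default CNs of the templates named in the Event ID 13 errors.
        [pscustomobject]@{
            CAName             = $_.Name
            CAHost             = $caHost
            Resolves           = $resolves
            Rpc135Open         = $rpc
            OffersDCAuth       = $_.certificateTemplates -contains 'DomainControllerAuthentication'
            OffersDirEmailRepl = $_.certificateTemplates -contains 'DirectoryEmailReplication'
        }
    }
}

Test-PublishedCa | Format-Table -AutoSize
```

A row where `Resolves` or `Rpc135Open` is `False` identifies a published CA that enrolling machines cannot reach.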
