Re: Auto enrollment Domain Certificate not working (error 13)



Guest Paul Bergson [MVP-DS]
Posted

This would be best asked in the security NewsGroup.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

"Cristian" <Cristian@discussions.microsoft.com> wrote in message news:3636D015-CD96-4A2F-9A1B-7596310353C3@microsoft.com...

> Hi, we have a problem with getting the domain controller to get Certs.
>
> The error in the log is Error 13
>
> If we manually try to get a cert from a DC (Certificate Enrollment, Domain Controller) we get the result "The RPC server is unavailable" (and error 13 is logged in the event log)
>
> (like many others) And we found a (many) tip to run:
>
> certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
> net stop certsvc
> net start certsvc
>
> It reports that the old value was 6003 and so on. And the new value is 4003.
> Restart certsvc and when it started and we run the command above it says that its old value is 6003 again (If we don't restart the service it says that it's 4003)
>
> The Group exists in the domain and the domain controllers are added. But if we look in the Component manager the Certsvc_dcom_access group doesn't exist under "COM Security" - "Access Permission" or "Launch and Activation Permission". I have tried to add it myself but with no difference. (I removed it again because it didn't work. And the article I found, KB 927066, specified that it would be there when we ran the above command.)
>
> Now we think we have tried all the solutions in the world with no different results..
>
> Thanks for the help..// Cristian
>
> Ps. The system is CertSvc=Windows 2008 Std (DC and Exchange server). This one actually has a Domain Cert issued also.
> Then we have 1 Windows 2008 Std as DC and 1 Windows 2003 Std as DC. Both without a Certificate


Guest Cristian
Posted

I repost in security.. It's a little bit in the same area (and similar question has been answered in both forums but I repost..)

"Paul Bergson [MVP-DS]" wrote:

> This would be best asked in the security NewsGroup.
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Cristian" <Cristian@discussions.microsoft.com> wrote in message news:3636D015-CD96-4A2F-9A1B-7596310353C3@microsoft.com...
>
> > Hi, we have a problem with getting the domain controller to get Certs.
> >
> > The error in the log is Error 13
> >
> > If we manually try to get a cert from a DC (Certificate Enrollment, Domain Controller) we get the result "The RPC server is unavailable" (and error 13 is logged in the event log)
> >
> > (like many others) And we found a (many) tip to run:
> >
> > certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
> > net stop certsvc
> > net start certsvc
> >
> > It reports that the old value was 6003 and so on. And the new value is 4003.
> > Restart certsvc and when it started and we run the command above it says that its old value is 6003 again (If we don't restart the service it says that it's 4003)
> >
> > The Group exists in the domain and the domain controllers are added. But if we look in the Component manager the Certsvc_dcom_access group doesn't exist under "COM Security" - "Access Permission" or "Launch and Activation Permission". I have tried to add it myself but with no difference. (I removed it again because it didn't work. And the article I found, KB 927066, specified that it would be there when we ran the above command.)
> >
> > Now we think we have tried all the solutions in the world with no different results..
> >
> > Thanks for the help..// Cristian
> >
> > Ps. The system is CertSvc=Windows 2008 Std (DC and Exchange server). This one actually has a Domain Cert issued also.
> > Then we have 1 Windows 2008 Std as DC and 1 Windows 2003 Std as DC. Both without a Certificate
