Re: Certificates

From: Steven L Umbach (n9rouz_at_nscomcast.net)
Date: 12/01/03

• Next message: Lanwench [MVP - Exchange]: "Re: Stolen Notebook and Password Security"
• Previous message: Steven L Umbach: "Re: Can someone help me?"
• In reply to: SR: "Certificates"
• Next in thread: SR: "Re: Certificates"
• Reply: SR: "Re: Certificates"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 01 Dec 2003 19:50:49 GMT

It may be a networking or dns configuration problem. I would run netdiag on both
machines and dcdiag on the domain controller looking for any failed pertinent tests.
The domain controller in your situation should point only to itself by it's assigned
static ip address for dns server and the domain computers also must point only to the
domain controller for their dns configuration - NEVER any ISP dns servers configured
in tcp/ip properties of a domain computer. Netdiag and dcdiag are on the install
cdrom under the support/tools folder where you want to run the setup program
here. --- Steve

"SR" <anonymous@discussions.microsoft.com> wrote in message
news:075c01c3b835$f9d13240$a001280a@phx.gbl...
> I've setup a group policy in my Win2k domain (1 DC, 1
> member server and 1 client) with active directory that
> let's my machine request a machine certificate during
> bootup/logon. When I try to have my Windows 2000 Pro PC
> receive a machine certificate from my Enterprise ROOT CA
> (installed on a windows 2000 member server), I get an
> error message saying that the certificate store cannot be
> enumerated. When I use the certificates snap in to find
> my certificate store on the Windows 2000 Pro PC, I get an
> error message. What's wrong? How can I get my certificate
> stores back on my Windows 2000 Pro PC?

---

• Next message: Lanwench [MVP - Exchange]: "Re: Stolen Notebook and Password Security"
• Previous message: Steven L Umbach: "Re: Can someone help me?"
• In reply to: SR: "Certificates"
• Next in thread: SR: "Re: Certificates"
• Reply: SR: "Re: Certificates"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Event ID 13 - automatic certificate enrollment error ... add Domain Controllers to it and check enroll ... > MMC for the certificate authority I can see the certificate templates ... > folder and when I select it I can then see Domain Controller on the ... > manage I can see the template Domain Controller. ... (microsoft.public.windows.server.active_directory) Autoenrollment Failure (0x80070005) - Additional help reqd. ... apply the fix recommended. ... One of the DCs is also a Certificate Server. ... >> has successfully obtained a 'Domain Controller' certificate. ... (microsoft.public.windows.server.active_directory) Re: Autoenrollment Failure (0x80070005) - Additional help reqd. ... reboot the server right now, I have to wait till 8 hours are passed by. ... > apply the fix recommended. ... > One of the DCs is also a Certificate Server. ... >>> I have an Enterprise Root CA, which resides on the first domain controller ... (microsoft.public.windows.server.active_directory) Re: Microsoft PKI: problem with autoenrollment for domain controllers ... Microsoft CAs are hard coded to request the Domain Controller certificate. ... WIndows SErver 2003 introduced the Domain Controller AUthentication certificate template, ... (microsoft.public.windows.server.security) Re: Autoenrollment of Certificates ... This newsgroup only focuses on SBS technical issues. ... Did you install CA on the SBS Server? ... | events which led up to the point where a new certificate was created ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.win2000.security  > 2003-12