Re: Error trying to Enroll user with Smart Card from Web Enrollment.

From: msnews.microsoft.com (List_at_mcshinsky.com)
Date: 12/08/04


Date: Wed, 8 Dec 2004 15:23:07 -0500

Thanks that was it. The record for the CA was not being published into DNS.

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:%23HmI28N3EHA.2568@TK2MSFTNGP11.phx.gbl...
>I have not come across that error or even tried to enroll for a user in a
>child domain but here are some thoughts. If the certsrv referred to via Web
>Enrollment is not a CA, make sure that the server is authorized for
>delegation in its computer account in AD Users and Computers. I would also
>verify that the CA is in the cert publishers group for the child domain,
>though that does not appear to be the problem based on your error
>description.
>
> The RPC server is unavailable often is a problem related to mainly dns
> name resolution or network connectivity to domain controllers and of
> course in a forest the domain controllers in each domain need to find each
> other via _srv records for trusts to work. I would verify that your dns
> configuration is correct. A quick, but not foolproof, test would be to
> ping each computer from the other and a domain controller in the other
> domain by its fully qualified domain name. The support tools netdiag and
> dcdiag can also help to verify correct dns configuration/domain
> configuration in the domain/forest. If dns is delegated to the child
> domain and the child domain computers are using the child domain dns
> servers as their preferred dns server, it needs to be able to resolve
> parent domain names via the use of a secondary zone from the parent,
> conditional forwarding, or stub zone on the child zone dns server. The
> links below go into more detail. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q224370 -- this
> applies to W2003 also.
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
>
> "msnews.microsoft.com" <List@mcshinsky.com> wrote in message
> news:exorVMK3EHA.2180@TK2MSFTNGP10.phx.gbl...
>> When attempting to request a certificate for a smart card on behalf of
>> another user from web enrollment I get the following error.
>>
>> "An unexpected error occurred. Error. An unexpected error occured.
>> Error: (0x800706BA). CCertRequest Submit The RPC server is unavailable.
>> 0x800706ba (WIN32: 1722)"
>>
>> Environment:
>> 1. Standalone offline Root CA [Windows 2003 standard](not part of any
>> domain)
>> 2. Enterprise Subordinate CA [Windows 2003 standard] (part of parent
>> domain)
>> 3. Accounts domain is a child domain off of the parent.
>>
>> After doing many searches there were a few references to the error and
>> specifically referencing the enterprise CA being in a parent domain and
>> trying to publish to a child domain user account. I have followed the
>> instructions of adding the parent domain's Cert Publishers group to user
>> objects in the child domain with the correct READ WRITE certificate
>> permissions. (Q281271). Has anyone come across this in the past? If
>> more info is needed, I would be glad to give it.
>>
>> Robert B. McShinsky
>> Dartmouth Hitch*** Medical Center
>>
>>
>
>
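
The DNS and connectivity checks suggested in the quoted reply, as an added PowerShell example that is not part of the original thread. The host and domain names are constructed placeholders, and it assumes a system that has the Resolve-DnsName and Test-NetConnection cmdlets (newer than the Windows 2003 servers in the thread); `_ldap._tcp.dc._msdcs.<domain>` is the standard domain controller locator SRV record.

```powershell
# Added example. Names below are constructed placeholders; replace with your own.
$CaHost  = 'subca01.parent.example'                     # enterprise subordinate CA
$Domains = 'parent.example', 'child.parent.example'     # parent and child domain

function Test-Name {
    # Resolve one name and report whether a record of the requested type came back.
    param([string]$Name, [string]$Type = 'A')
    try {
        $r = Resolve-DnsName -Name $Name -Type $Type -ErrorAction Stop |
             Where-Object { $_.Type -eq $Type }
        $data = if ($Type -eq 'SRV') { $r.NameTarget -join ', ' }
                else                 { $r.IPAddress  -join ', ' }
        [pscustomobject]@{ Name = $Name; Type = $Type; Resolved = [bool]$r; Data = $data }
    } catch {
        # NXDOMAIN, timeout, or no DNS server reachable: keep the reason for the report.
        [pscustomobject]@{ Name = $Name; Type = $Type; Resolved = $false
                           Data = $_.Exception.Message }
    }
}

# 1. The CA's own host record (the record that was missing in this thread).
$results = @(Test-Name $CaHost)

# 2. Domain controller locator SRV records for each domain in the forest.
foreach ($d in $Domains) {
    $results += Test-Name "_ldap._tcp.dc._msdcs.$d" 'SRV'
}
$results | Format-Table -AutoSize

# 3. DCOM/RPC to the CA starts at the RPC endpoint mapper on TCP 135.
#    Only meaningful once the CA name resolves.
if ($results[0].Resolved) {
    $rpc = Test-NetConnection -ComputerName $CaHost -Port 135 -WarningAction SilentlyContinue
    'RPC endpoint mapper on {0} reachable: {1}' -f $CaHost, $rpc.TcpTestSucceeded
} else {
    'Skipping RPC check: {0} does not resolve from this machine.' -f $CaHost
}
```

Run it from the machine hosting Web Enrollment and again from a child-domain computer, since each may use a different preferred DNS server.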

