Autoenrollment 13 Error
Contents |
additional information might be available elsewhere. Thank you for searching on this message; your search helps us identify those event id 13 certificateservicesclient-certenroll areas for which we need to provide more information. If the product or version you are looking for is not listed, you can use this search box to search TechNet, the Microsoft Knowledge Base, and TechNet Blogs for more information. Enter the product name, event source, and event ID. For example: Vista Application Error 1001.
Arnar StangelandDecember 7, 20091 0 0 0 From my colleague Maria in the Domains team – a collection of useful bits for troubleshooting autoenrollment issues: On a Windows Server
Event Id 13 Kernel-general
2003-based or Windows XP-based computer, you cannot obtain certificates from a event id 13 nps Windows Server 2008-based certification authority (CA). This issue can occur if the CA is configured to use
Event Id 13 The System Watchdog Timer Was Triggered
SHA2 256 encryption or higher encryption (SHA2 384 or SHA2 512) and the enrolling clients are legacy clients. See KB 968730 (Hotfix) Event id 80; Source Microsoft-Windows-CertificationAuthority on http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.2&EvtID=13&EvtSrc=autoenrollment&LCID=1033/ a windows 2008 certificate server Active Directory Certificate Services could not publish a Certificate for request ##### to the following location on server DC.DOMAIN.COM: CN=user,OU=OU, DC=domain,DC=com. Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344). ldap: 0x32: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS) Check that the Cert Publishers group has permission to read and write to https://blogs.technet.microsoft.com/instan/2009/12/07/troubleshooting-autoenrollment/ the userCertificate attribute on the user object in AD that is specified in the event. Enhanced Event Logging By default, autoenrollment logs errors/failures and successful enrollments in the Application event log on the client machine. To enable enhanced logging of the autoenrollment process to include warning and informational messages, the following registry values must be created. - SOFTWAREMicrosoftCryptographyAutoEnrollment AEEventLogLevel (Create a new DWORD value named "AEEventLogLevel", set value to 0.) NOTE: This value can be created under either HKLM or HKCU, depending on which context you need to troubleshoot. In this case I’d like us to set it on both. If you enable logging and don't see any events, check to see if Autoenrollment has been disabled: SOFTWAREPoliciesMicrosoftCryptographyAutoEnrollmentAEPolicy If it’s set to 0x00008000 hex (32768 dec ) then it’s disabled (0x00008000==AUTO_ENROLLMENT_DISABLE_ALL). Again, this should be checked under HKLM or HKCU depending on the whether computer or user Autoenrollment is of interest. Permissions On the CA server: - Verify membership of the CERTSVC_DCOM_ACCESS group. If you have mo
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack http://serverfault.com/questions/488228/certificate-error-on-server-2008-r2-event-id-6-and-13 Overflow the company Business Learn more about hiring developers or posting ads with us https://www.experts-exchange.com/questions/27623884/Event-ID-13-AutoEnrollment-Certificate.html Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top Certificate Error event id on Server 2008 R2 Event ID 6 and 13 up vote 1 down vote favorite I have two DC, one is a Windows Server 2003 (certificate server), the other is Windows Server 2008 R2. The Windows Server 2008 R2 has the following events in the event viewer. Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment Event ID: 6 Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable. And Source: Microsoft-Windows-CertificateServicesClient-CertEnroll Event ID: 13 Certificate event id 13 enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from 2003DCinternal.domain.com\DOMAIN-Root-CA.domain.com (The RPC server is unavailable. 0x800706ba (WIN32: 1722)). I've read a few things over the internet: Certificate enrollment for Local system failed to enroll Event ID:13 Seems to indicate that I should check if I already have a certificate installed. I open the Certificates MMC Snap-in on the 2008 R2 server having the errors and go to Personal > Certificates. From there I see a certificate for localhost issued by localhost (could that indicate a part of my problem?). I've also seen other stuff indicating that 2003 servers can not generate the correct certificates for 2003 or Windows 7 computers. Other than that Google doesn't really have any thing that solidly explains what the issue is. Could someone help me understand how to troubleshoot this? windows-server-2003 windows-server-2008-r2 ad-certificate-services share|improve this question asked Mar 15 '13 at 16:16 Nixphoe 3,63842144 Is there a firewall between the two machines? –Ryan Ries Mar 15 '13 at 16:32 @RyanRies There is not –Nixphoe Mar 15 '13 at 16:39 add a comment| 1 Answer 1 active oldest votes up vote 1 down vote You might find the following link useful as a troubleshooting reference http://blogs.technet.com/b/askds/archive/2007/11/06/how-to-troubleshoot-certificate-enrollment-in-the-mmc-certificate-snap-in.aspx . Incidentally,
Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Ask a Question Ask for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Expand Search Submit Close Search Login Join Today Products BackProducts Gigs Live Careers Vendor Services Groups Website Testing Store Headlines Experts Exchange > Questions > Event ID 13; AutoEnrollment Certificate Want to Advertise Here? Solved Event ID 13; AutoEnrollment Certificate Posted on 2012-03-08 Windows Server 2003 Active Directory 1 Verified Solution 8 Comments 988 Views Last Modified: 2012-08-14 We had a server on our network at one time - server1. The server was removed at some point and right after it was removed I started getting KDC errors as follows: Event ID: 20 Source: KDC The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found.... Microsoft article directed me to look in Certificats under the Personal for Local Server for a problem certificate and sure enough, there was a certificate there with the same name as server1, issued by server one at some point. Article was http://technet.microsoft.com/en-us/library/cc733985(v=ws.10).aspx I deleted the cert as instructed but the instructions said to renew the certificate. Renew it from where? Why renew it? Also, we do not have an internal Certificat Authority. Now a new error popped up on one of my domain controllers for AutoEnrollment: Event ID 13 Source: AutoEnrollment Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied. What are the servers trying to auto-enroll for? Any help would be great. 0 Question by:yccdadmins Facebook Twitter LinkedIn Google LVL 26 Best Solution byLeon Fester You might not use the certificate server, but your Domain uses it. The CA is part of your PKI and certificates are issued to domain server. Secure communications in your domain also uses the certificates Go to Solution 8 Comments Message Author Comment by:yccdadmins2012-03-08 Update to this issue. I found out the root of the problem. A