Autoenrollment Error Id 13
Contents |
additional information might be available elsewhere. Thank you for searching on this message; your search helps us identify those certificateservicesclient autoenrollment event id 64 areas for which we need to provide more information. If the product or version you are looking for is not listed, you can use this search box to search TechNet, the Microsoft Knowledge Base, and TechNet Blogs for more information. Enter the product name, event source, and event ID. For example: Vista Application Error 1001.
Arnar StangelandDecember 7, 20091 0 0 0 From my colleague Maria in the Domains team – a collection of useful bits event id 13 rpc server unavailable for troubleshooting autoenrollment issues: On a Windows Server 2003-based or
Event Id 13 Certificateservicesclient-certenroll
Windows XP-based computer, you cannot obtain certificates from a Windows Server 2008-based certification authority (CA).
Event Id 13 Kernel-general
This issue can occur if the CA is configured to use SHA2 256 encryption or higher encryption (SHA2 384 or SHA2 512) and the http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.2&EvtID=13&EvtSrc=autoenrollment&LCID=1033/ enrolling clients are legacy clients. See KB 968730 (Hotfix) Event id 80; Source Microsoft-Windows-CertificationAuthority on a windows 2008 certificate server Active Directory Certificate Services could not publish a Certificate for request ##### to the following location on server DC.DOMAIN.COM: CN=user,OU=OU, DC=domain,DC=com. Insufficient access rights to perform the operation. 0x80072098 (WIN32: https://blogs.technet.microsoft.com/instan/2009/12/07/troubleshooting-autoenrollment/ 8344). ldap: 0x32: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS) Check that the Cert Publishers group has permission to read and write to the userCertificate attribute on the user object in AD that is specified in the event. Enhanced Event Logging By default, autoenrollment logs errors/failures and successful enrollments in the Application event log on the client machine. To enable enhanced logging of the autoenrollment process to include warning and informational messages, the following registry values must be created. - SOFTWAREMicrosoftCryptographyAutoEnrollment AEEventLogLevel (Create a new DWORD value named "AEEventLogLevel", set value to 0.) NOTE: This value can be created under either HKLM or HKCU, depending on which context you need to troubleshoot. In this case I’d like us to set it on both. If you enable logging and don't see any events, check to see if Autoenrollment has been disabled: SOFTWAREPoliciesMicrosoftCryptographyAutoEnrollmentAEPolicy If it’s set to 0x00008000 h
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site http://serverfault.com/questions/488228/certificate-error-on-server-2008-r2-event-id-6-and-13 About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers event id are voted up and rise to the top Certificate Error on Server 2008 R2 Event ID 6 and 13 up vote 1 down vote favorite I have two DC, one is a Windows Server 2003 (certificate server), the other is Windows Server 2008 R2. The Windows Server 2008 R2 has the following events in the event viewer. Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment Event ID: 6 Automatic certificate enrollment for event id 13 local system failed (0x800706ba) The RPC server is unavailable. And Source: Microsoft-Windows-CertificateServicesClient-CertEnroll Event ID: 13 Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from 2003DCinternal.domain.com\DOMAIN-Root-CA.domain.com (The RPC server is unavailable. 0x800706ba (WIN32: 1722)). I've read a few things over the internet: Certificate enrollment for Local system failed to enroll Event ID:13 Seems to indicate that I should check if I already have a certificate installed. I open the Certificates MMC Snap-in on the 2008 R2 server having the errors and go to Personal > Certificates. From there I see a certificate for localhost issued by localhost (could that indicate a part of my problem?). I've also seen other stuff indicating that 2003 servers can not generate the correct certificates for 2003 or Windows 7 computers. Other than that Google doesn't really have any thing that solidly explains what the issue is. Could someone help me understand how to troubleshoot this? windows-server-2003 windows-server-2008-r2 ad-certificate-services share|improve this question asked Mar 15 '13 at 16:16 Nixphoe 3,63842144 Is there a firewall between the two machines? –Ryan Ries Mar 15 '13 at 16:32 @RyanRies There is not –Nixphoe Mar