Active Directory Certification Authority not renewing certificate

We have a wireless network in our office. I don't really see the point in it; it's only for users to pick up their laptops and wander around the place. But last week it caused me more headaches because the certificate authority wasn't renewing or issuing new certificates.

We have Windows Server 2003 SP2 (emphasis on the SP2)

The event log on the client machine reports the following error:

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Date: date
Time: time
User: N/A
Computer: computer_name
Description: Automatic certificate enrollment for local system failed to enroll for one Computer certificate (0x80070005). Access is denied. For more information, see Help and Support Center at http://support.microsoft.com.


When I manually requested a certificate by using the Certificates snap-in on the client machine, I received the following error message:

The certificate request failed because of one of the following conditions:
- The certificate request was submitted to a Certification Authority (CA) that is not started.
- You do not have the permissions to request certificates from the available CAs.


After many hours and frustration at the fact that it used to work but doesn't now, I came across "Description of the changes to DCOM security settings after you install Windows Server 2003 Service Pack 1". Reading through the document, I found that I was missing the security group CERTSVC_DCOM_ACCESS; after adding the group and the relevant security permissions, it started working.

So even though I was already at SP2, something happened to stop it working, and seeing as I inherited the network, I have no idea if, when or how the group disappeared.
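A quick read-only check for the condition described above, as an added example that is not part of the original post: it confirms on the CA server that the CERTSVC_DCOM_ACCESS group exists, lists its members, and verifies that Certificate Services is running and answering. It assumes it is run from an administrative command prompt on the CA host itself, so that certutil's default configuration is the local CA.

```batch
@echo off
rem Added example (not from the original post): read-only checks on the CA server.
rem Assumption: run from an administrative command prompt on the CA host.
setlocal
set GROUP=CERTSVC_DCOM_ACCESS
set RC=0

rem 1. Does the group exist? "net localgroup <name>" fails if it does not.
rem    On a domain controller this looks up the domain local group of that name.
net localgroup %GROUP% >nul 2>&1
if errorlevel 1 (
    echo [FAIL] Group %GROUP% not found.
    set RC=1
) else (
    echo [ OK ] Group %GROUP% exists. Review its members:
    net localgroup %GROUP%
)

rem 2. Is Certificate Services started? A stopped CA gives the same client error.
sc query certsvc | find "RUNNING" >nul
if errorlevel 1 (
    echo [FAIL] Service certsvc is not running.
    set RC=1
) else (
    echo [ OK ] Service certsvc is running.
)

rem 3. Does the CA answer on its certificate request interface?
rem    Run locally as an administrator, this only proves the service responds;
rem    it does not prove that client computer accounts are allowed through DCOM.
certutil -ping >nul 2>&1
if errorlevel 1 (
    echo [FAIL] certutil -ping could not reach the CA.
    set RC=1
) else (
    echo [ OK ] CA responded to certutil -ping.
)

rem Exit code 0 means all checks passed, 1 means at least one failed.
exit /b %RC%
```

If the first check fails while the other two pass, the symptoms match this post: the CA is up, but clients get 0x80070005 when autoenrollment tries to reach it.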


About Phill McSherry
Phill McSherry has been working in the Australian IT industry for over 20 years and is the technical manager and solutions architect for managed services provider Titan Solutions - www.titansolutions.com.au
