Home > Event Id > Windows Autoenrollment Error 13

Windows Autoenrollment Error 13


And Source: Microsoft-Windows-CertificateServicesClient-CertEnroll Event ID: 13 Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from 2003DCinternal.domain.com\DOMAIN-Root-CA.domain.com (The RPC server is unavailable. 0x800706ba (WIN32: Providing you DONT have a CA now, select "Certificate Templates" and delete them all. 5. See KB 968730 (Hotfix) Event id 80; Source Microsoft-Windows-CertificationAuthority on a windows 2008 certificate serverActive Directory Certificate Services could not publish a Certificate for request ##### to the following location on However, Windows Server 2003 SP1 introduces enhanced default security settings for the DCOM protocol. http://pubdimensions.com/event-id/windows-2003-autoenrollment-error-13.php

As per Microsoft: "The autoenrollment component determined that a valid certificate is not available for the user or computer account. Login By creating an account, you're agreeing to our Terms of Use and our Privacy Policy © Copyright 2006-2016 Spiceworks Inc. Finally on the server logging the error run the following command to update the policies: gpupdate /force Related Articles, References, Credits, or External Links NA Author: Migrated Share This Post On Windows Server 2008 R2 View the discussion thread. https://social.technet.microsoft.com/Forums/windowsserver/en-US/689081ab-b95f-4667-9bef-26ba94d8e980/event-id-13-autoenrollment-error?forum=winserverDS

Event Id 13 Rpc Server Unavailable

To test this, run the following command against the issuing certification authority certificate: certutil –v –verify –urlfetch The certutil –urlfetch combination can also be run against any certificate that you Windows Server 2003 Certificate Services provides enrollment and administration services by using the DCOM protocol. Access is denied. I finally found an idea in TechNet article "Configuring and Troubleshooting Windows 2000 and Windows Server 2003 Certificate Services Web Enrollment" where invalid or missing SPN (service principal name) could cause

Clearly, because it is named IEDEREEN (Dutch) in our environment. On the CA machine, I entered the following commands at the command prompt: certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG net stop certsvc net start certsvc The first time I ran the "setreg" command, x 95 Anonymous The event 13 from Autoenrollment message may be related to the new DCOM security enhancement of Windows Server 2003 SP1. Event Id 13 The System Watchdog Timer Was Triggered It seems that it can find proper SPN from AD and successfully authenticate to the CA server.

Once this was done I restarted the ADCS service and checked the security permissions on the templates. Event Id 13 Kernel-general Click on the COM Security tab. Tuesday, January 19, 2010 8:23 AM Reply | Quote 0 Sign in to vote Just to be 100% sure: when you said "to query" you mean that on LDP.exe after connecting Verify that the CERTSVC_DCOM_ACCESS group has been granted All Local Activation and Allow Remote Activation permissions.

You should have only Administrators and System able to access the machine private keys". Event Id 13 Certificate Enrollment For Local System Failed I could not get it to work on the last two and I have tried everything here and some tips I got from Internet. If you enable logging and don't see any events, check to see if Autoenrollment has been disabled: SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment\AEPolicy If it’s set to 0x00008000 hex (32768 dec ) then it’s disabled (0x00008000==AUTO_ENROLLMENT_DISABLE_ALL). So I tried that on the remaining DCs and it solved the problem.

Event Id 13 Kernel-general

k. http://serverfault.com/questions/488228/certificate-error-on-server-2008-r2-event-id-6-and-13 x 2 Arnaud Bacchella - Error code 0x80070005 - I followed the instructions contributor Ionut Marin gave about checking what are the ACLs on the directory C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys", Event Id 13 Rpc Server Unavailable Solution Note: The pertinent information in the Event ID 13 above is 0x800706ba there are Other causes of this Event ID make sure yours is the same. Event Id 13 Certificateservicesclient-certenroll The RPC server is unavailable.

Jan 29, 2010 Automatic certificate enrollment for DIGIBLUE\lparlato failed to enroll for one Basic EFS certificate (0x80070005).

v. Restarted the CA If the issue continues, you may consider to Uninstall the CA service, reinstall the service and restore CA from backup. I built the new R2 server, ran dcpromo, no problems. Under Launch and Activation Permissions, click Edit Limits. Event Id 13 Nps

I've read a few things over the internet: Certificate enrollment for Local system failed to enroll Event ID:13 Seems to indicate that I should check if I already have a certificate The "pkiview" tool (from the Resource Kit) was very helpful for me. dNSHostName = The Servers DNS name. The RPC server is unavailable.

Mar 11, 2014 Comments Poblano Aug 26, 2009 Martin5768 Manufacturing, 101-250 Employees here is some helpfull information.

cACertificate - We got the information for this attribute by looking at another object that had the field defined within Active Directory. Event Id 13 Nvlddmkm d. We added full control for System and Administrators (found that System was not listed for access and Administrators was listed but with no access granted) and ran the following commands: certutil

We used Step 6 from Microsoft article ME889250 to remove CA objects from Active Directory.

Login Join Community Windows Events AutoEnrollment Ask Question Answer Questions My Profile ShortcutsDiscussion GroupsFeature RequestsHelp and SupportHow-tosIT Service ProvidersMy QuestionsApp CenterRatings and ReviewsRecent ActivityRecent PostsScript CenterSpiceListsSpiceworks BlogVendor PagesWindows Events Event 13 On the specific server, triggered the creation of a certificate by entering "certutil -pulse" x 70 Nick from Australia After promoting a 2008 R2 server to DC and replicating AD from Thank you for searching on this message; your search helps us identify those areas for which we need to provide more information. Event Id 82 See ME939882 for a hotfix applicable to Windows Vista.

Element not found. Sure enough, the CA server had only one SPN registered: "HOST/CA". See example of private comment Links: Certificate Autoenrollment in Windows XP, EventID 10009 from source DCOM, Configuring and Troubleshooting Windows 2000 and Windows Server 2003 Certificate Services Web Enrollment , Certificate In my case I had an Exchange server that was using a certificate that had been "self signed".

I additionally had to add the group in the Security settings of the CA itself. l. Access is denied.

Jun 24, 2009 Automatic certificate enrollment for local system failed to enroll for one Computer certificate (0x800706ba). Access is denied.

e. Marked as answer by Wilson Jia Monday, January 25, 2010 1:30 AM Friday, January 22, 2010 7:02 AM Reply | Quote All replies 0 Sign in to vote Hi Ivan, Specifically, SP1 introduces more precise rights that give an administrator independent control over local and remote permissions for launching, activating, and accessing COM servers. Login here!

Close Component Services If you had to change the permissions/members of the CertSVC_DCOM_ACCESS group then you may in certain cases need to run the following to get the CA to recognize Verify that the CERTSVC_DCOM_ACCESS group has been granted Allow Local Access and Allow Remote Access permissions. By creating an account, you're agreeing to our Terms of Use, Privacy Policy and to receive emails from Spiceworks.