Autoenrollment Feature Cannot Reach Active Directory

0

I'm getting the following error message on a couple of computers: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Does anyone know how to resolve this aside from simply disabling auto-enroll? I've checked the computer settings and both are configured to use the correct (preferred) DNS.

windows-server-2003
active-directory
windows-xp
asked on Server Fault Aug 16, 2011 by murphj

2 Answers

1

I am assuming that the computers are properly joined to the domain. I am also assuming that you WANT the machines to autoenroll for a machine certificate.

Have you verified that:

  1. Your certificate services server is online
  2. Your certificate template has the correct security setting and is made available for issue
  3. Your group policy is properly set to autoenroll workstations
  4. The time on your workstation matches the time on the domain (this is important for Kerberos tickets)
answered on Server Fault Aug 16, 2011 by newmanth
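
An added example, not part of either answer: a cmd.exe script for an affected client that covers the DNS, domain-controller and clock checks discussed above. It assumes `nltest` is installed (on Windows XP and Server 2003 it ships in the Support Tools); the file name `adcheck.cmd` and the `[ OK ]`/`[FAIL]` labels are made up for illustration.

```bat
@echo off
rem Added example (constructed): triage for autoenrollment error 0x8007054b.
rem Usage: adcheck.cmd [dns.domain.name]    adcheck.cmd is a hypothetical name.
setlocal
set "DOMAIN=%~1"
if "%DOMAIN%"=="" set "DOMAIN=%USERDNSDOMAIN%"
if "%DOMAIN%"=="" (
    echo Pass the DNS domain name as the first argument.
    exit /b 2
)
set FAIL=0

rem 1. Domain controllers are found through this SRV record. nslookup does not
rem    set a useful exit code, so look for an answer line in its output.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>&1 | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (
    echo [FAIL] No SRV record _ldap._tcp.dc._msdcs.%DOMAIN% from the configured DNS server
    set FAIL=1
) else (
    echo [ OK ] SRV record for domain controllers resolves
)

rem 2. Ask the DC locator directly. On failure nltest reports status 1355
rem    (0x54b, ERROR_NO_SUCH_DOMAIN), which is the low word of 0x8007054b.
rem    Assumption: nltest is installed; if it is missing this step also fails.
nltest /dsgetdc:%DOMAIN% >nul 2>&1
if errorlevel 1 (
    echo [FAIL] nltest could not locate a domain controller for %DOMAIN%
    set FAIL=1
) else (
    echo [ OK ] Domain controller located
)

rem 3. Clock offset against the domain. Kerberos rejects tickets when the skew
rem    is too large (five minutes by default), so read the offset printed here.
w32tm /stripchart /computer:%DOMAIN% /samples:1 /dataonly

if %FAIL%==1 exit /b 1
echo DNS and DC locator checks passed. Compare the offset above with the Kerberos limit.
exit /b 0
```

Run it from an administrator command prompt on one of the failing machines; a non-zero exit code means the DNS or DC locator check failed.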
0

According to Microsoft, it could be a DNS issue or a network issue. According to http://support.microsoft.com/kb/310461, Microsoft says the following may help:

  1. Click Start, click Run, type gpedit.msc, and then press ENTER.
  2. In the left pane, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
  3. Double-click Autoenrollment Settings.
  4. Click Do not enroll certificates automatically.
  5. Click OK.
  6. Repeat steps 2 through 5, but in step 2, expand User Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
  7. Close the Group Policy window.

answered on Server Fault Aug 17, 2011 by tkrabec • edited Aug 18, 2011 by tkrabec

User contributions licensed under CC BY-SA 3.0