Posted by Steven L Umbach on September 23, 2005, 1:44 am
Check your duplicate template for the computer certificate and verify that
domain computers group has read, enroll, and autoenroll permissions. On your
CA use the Management Console for Certificate Authority and look in the
failed requests folder to see if you find anything there that may have more
details on the reason the autoenroll failed. Try requesting a computer
certificate manually on one of the computers while logged on as a local
administrator using the MMC snap-in for computer certificates to see if that
works or not. You would need to go to the personal folder, right click and
select all tasks - request new certificate.

--- Steve

> Hello,
>
> I have set up a Windows Server 2003 box in a test environment as a RADIUS
> Server using IAS to familiarise with Wireless Networking Authentication (we
> are intending to deploy some Windows 2003 systems as RADIUS Servers in the
> near future). The authentication method that I am hoping to use is EAP-TLS,
> which I understand requires User and Computer Certificates. Hence, I
> installed a CA on the Server, and duplicated the User and Computer
> Certificate Templates, changing only the Expiration Times. Both Templates
> have Authenticated Users with Read Access, Domain Admins with Full Access.
> The new User Template has Domain Users with Enroll and AutoEnroll Access and
> the same for Computer Template except for Domain Computers group. We have
> configured the Domain Level GPO to grant Automatic Certificate Enrollment.
> However, when computers in the test environment update Group Policy they all
> contain the following events:
>
> Event Type: Error
> Event Source: AutoEnrollment
> Event Category: None
> Event ID: 13
> Date: 22/09/2005
> Time: 9:54:16 PM
> User: N/A
> Computer: EPT-101
> Description:
> Automatic certificate enrollment for local system failed to enroll for one
> LFN Computer certificate (0x80070005). Access is denied.
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> Event Type: Error
> Event Source: AutoEnrollment
> Event Category: None
> Event ID: 13
> Date: 22/09/2005
> Time: 10:09:49 PM
> User: N/A
> Computer: EPT-201
> Description:
> Automatic certificate enrollment for local system failed to enroll for one
> LFN Computer certificate (0x80070005). Access is denied.
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> Where have I gone wrong? These are XP SP2 clients, I previously tried
> enabling detailed Enrollment Logging but the additional events provided no
> extra information.
>
> Thank-you in advance for all correspondence,
>
> William Teller
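
The template permission check suggested in the reply above, as an added PowerShell example that is not part of the original thread. It reads the template's ACL from Active Directory and reports whether the named group holds Read, Enroll and Autoenroll directly; the default template name is the one shown in the event text and is assumed to be the template's display name.

```powershell
param(
    [string]$TemplateDisplayName = 'LFN Computer',  # from the Event ID 13 text; assumed to be the display name
    [string]$Group = 'Domain Computers'
)

# Extended-right GUIDs from the AD schema
$Enroll     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment
$AutoEnroll = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'  # Certificate-AutoEnrollment
$ReadProp   = [int][System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
$ExtRight   = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Certificate templates live in the forest-wide configuration partition
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$base     = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
$filter   = "(&(objectClass=pKICertificateTemplate)(displayName=$TemplateDisplayName))"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($base, $filter)
$hit      = $searcher.FindOne()
if (-not $hit) { throw "No template with display name '$TemplateDisplayName' found." }

# Allow ACEs granted directly to the group; rights held through other groups
# and Deny ACEs are not evaluated here
$acl   = $hit.GetDirectoryEntry().psbase.ObjectSecurity
$rules = @($acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -like "*\$Group" })

function Test-ExtendedRight([object[]]$Rules, [guid]$Right) {
    foreach ($r in $Rules) {
        $isExt = ([int]$r.ActiveDirectoryRights -band $ExtRight) -ne 0
        # An empty ObjectType on an extended-right ACE means "all extended rights"
        if ($isExt -and ($r.ObjectType -eq $Right -or $r.ObjectType -eq [guid]::Empty)) { return $true }
    }
    return $false
}

$report = [pscustomobject]@{
    Template   = $TemplateDisplayName
    Group      = $Group
    Read       = [bool]($rules | Where-Object { ([int]$_.ActiveDirectoryRights -band $ReadProp) -ne 0 })
    Enroll     = Test-ExtendedRight $rules $Enroll
    AutoEnroll = Test-ExtendedRight $rules $AutoEnroll
}
$report
if (-not ($report.Read -and $report.Enroll -and $report.AutoEnroll)) {
    Write-Warning "$Group lacks a required right on '$TemplateDisplayName'; autoenrollment can fail with access denied."
}
```

If all three values are True and Event ID 13 still appears, the template ACL is not the cause and the failed requests folder on the CA is the next place to look.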