Certificate Auto Enrollment



I have a situation that is totally baffling me. I was
recently given the task to have IPSec running in our
environment. As part of my research, I was told to use a
CA to issue Computer certs for the machines on the network
and to use the Auto Enroll feature.

The lab is running a W2K3 Domain with 1 W2K3 DC and 2 W2K
DCs mimicking production. The W2K3 DC is also the
Certificate Authority for the Domain. I went into the
Default Domain Policy -> Computer Configuration -> Windows
Settings -> Security Settings -> Public Key Policies ->
Automatic Certificate Request Settings and enabled
Automatic Certificate Requests for Computers.

The W2K3DC1 and the W2KDC1 both enrolled automatically as
well as all of the clients in the lab. W2KDC2 however
keeps re-enrolling every 5-15 min. Right now, I have
about 150 issued certificates to W2KDC2 and 1 for all of
the other machines. I see nothing in the Event Logs that
gives me anything to troubleshoot. Thanks in advance for
any help you can provide.


