Renewed CA certificate and Auto-enrollment

S

Steve Carr

I seem to be having an issue with my Domain Controllers using
auto-enrollment to my CA since I renewed my certificate. I followed the
instructions from Q270048 about recreating the auto-enrollment policy within
group policy but still my DCs are getting "Access Denied" (Denied by Policy
Module). Any ideas out there on how to fix this? Thanks in advance.

The specs:
Win 2K with SP3 plus all present hotfixes
 
L

Laudon Williams [MSFT]

Have the DCs refreshed group policy? If not, gpupdate /force will cause them
to update and get the new policy.
 
S

Steve Carr

the group policy was forced to no avail. One other clue, the error includes
"configuration information cannot be retrieved from the DC". Any other
thoughts?
 
S

Steve Carr

nevermid, the last post made a lightbulb come on. The CA server no longer
had rights to read DC info. Problem solved. Thanks all
 
L

Laudon Williams [MSFT]

On what system is this error occuring? Is the CA running on a separate box
than the DC?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Web Enrollment Certificate Request Denied 2
Certificate Request Denied over Web Enrollment 0
certificate services question 1
Enrollment of certificate to a different CSP 1
EFS Auto enroll 0
Certificate Enrollment Denied By CA Server- HELP! 2
Windows XP computer certificate renewal from MS W2k Enterprise CA 3
Certificate Services 2

Top