Windows – Certificate Enrollment Fails
KB ID 0000921 Problem I first saw this problem a few years ago trying to get some Windows clients to auto enrol with server 2008, then this week my colleagues could not get new 2019 Domain Controller to enrol for a Kerberos certificate, and the this was caused by the same problem. Symtoms (RPC Error) 1. Test to make sure the client can see the CA, and is able to communicate with it, issue the following command; certutil -pulse As...
Publish CRL Error – Access Denied 0x80070005
KB ID 0001135 Problem Seen when attempting to publish a CRL on a Windows Certificate Services Server. Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED) Solution The problem is the COMPUTER ACCOUNT attempting to publish the CRL, (i.e. the Windows Certificate Services Server), needs rights to the physical folder the CRL files live in, like so; Related Articles, References, Credits, or External Links...
Event ID 13
KB ID 0000520 Problem Seen every few hours in the application log: Source: AutoEnrollment Description: Automatic certificate enrollment for the local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied. Solution 1. Go to your domain controller > Open Active Directory users and computers > Locate the CERTSVC_DCOM_ACCESS group. 2. Add in the “Domain Controllers” group. 3. On...
Windows – Error ‘A Good Time server could not be located’
KB ID 0000705 Problem Seen when running dcdiag, Error(s): Starting test: Advertising Warning: Server-Name is not advertising as a time server. ……………………. Server-Name failed test Advertising Running enterprise tests on : PeteNetLive.com Starting test: Intersite ……………………. PeteNetLive.com passed test Intersite Starting test: FsmoCheck...
Certificate Import Error – ‘Exception from HRESULT: 0x80070005’
KB ID 0000818 Problem Seen on Windows Server 2012 when trying to complete a certificate request. There was an error while trying to perform this operation Details: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) Solution 1. Open Windows Explorer and navigate to; C:ProgramDataMicrosoftCryptoRSAMachineKeys Note: ProgramData is a hidden folder. 2. Open the folder properties > Security > Advanced >...