Windows – Certificate Enrollment Fails
KB ID 0000921 Problem I first saw this problem a few years ago trying to get some Windows clients to auto enrol with server 2008, then this week my colleagues could not get new 2019 Domain Controller to enrol for a Kerberos certificate, and the this was caused by the same problem. Symtoms (RPC Error) 1. Test to make sure the client can see the CA, and is able to communicate with it, issue the following command; certutil -pulse As...
Windows – Unable to Move an OU
KB ID 0001336 Problem I was doing some AD redesign work for a client this week, and I needed to move an Organisational Unit (OU). However the domain had other ideas; Active Directory Domain Services Windows cannot move object {OU-Name} because: Access is denied. It wasn’t a rights issue, (I was an Enterprise Administrator). Solution As it turns out, it was the same problem I’d had back when Server 2008 first came out...
Event ID 1202
KB ID 0000123 Problem Security policies are propagated with warning. 0x5 : Access is denied. Please look for more details in Troubleshooting section in Security Help. This error typically occurs when the system has not been granted the correct permissions to update the access control list of a service. This may occur if the Administrator defines permissions for a service in a policy but does not grant the System account Full Control...
Event ID 13
KB ID 0000520 Problem Seen every few hours in the application log: Source: AutoEnrollment Description: Automatic certificate enrollment for the local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied. Solution 1. Go to your domain controller > Open Active Directory users and computers > Locate the CERTSVC_DCOM_ACCESS group. 2. Add in the “Domain Controllers” group. 3. On...
Can’t Delete a File or Folder or Take Ownership
KB ID 0000887 Problem I have a portable drive that I carry in my laptop bag that has all the service packs and iso images that I might need. The problem is when I install service packs and updates on clients servers and PC’s, they have a habit of creating folders on my portable drive that are a pain to delete. While tidying up the drive today, it was telling me I did not have the rights to do so. When I tried to take ownership...