AD Sites and Services: ‘Show Services Node’ Missing?

KB ID 0001448

Problem

While working on an old Exchange system this week I wanted to take a look at the ‘autodiscovery’ SCP in AD Sites and Services. Read any post, and you will se that you need to enable ‘Services Node View’ in AD sites and services. To do that you simply right click then go to View > Show Service Node. However, I didn’t get that option?


Solution

This was driving me crazy for a while, and it looks like it’s a bug in the Microsoft Management Console. If you look at the image (above) you will see Active Directory Sites and Services is selected (i.e. its blue). However it wasn’t when I ‘right clicked’.

You need to manually left click ‘Active Directory Sites and Services’ to select it.

Then once selected, right click, and then you get the correct menu.

Yes that’s annoyingly simple, and yes it took 20 minutes to find out what I was doing wrong!

Related Articles, References, Credits, or External Links

NA

Event ID 6 and 13

KB ID 0000473 

Problem

Event ID 6

Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment

Description:

Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.

 

Event ID 13

Source: Microsoft-Windows-CertificateServicesClient-CertEnroll

Description:

Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from {hostname}{name of CA}(The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

 

Solution

Note: The pertinent information in the Event ID 13 above is 0x800706ba there are Other causes of this Event ID make sure yours is the same.

In my case I had an Exchange server that was using a certificate that had been “self signed”. And the Root CA that signed the certificate had been ungracefully removed from the domain. Take a note of the Root CA name from the Event ID error shown arrowed).

1. Launch Active Directory Sites and Services” > Select the top level object > View > Show Services Node.

2. Expand Services > Public Key Services > AIA > Delete the “Problem CA”.

3. Then select “Enrollment Services” > Delete the “Problem CA”.

If you have a New CA (in this example you would have seen it in step 2), then DO NOT perform the next two steps!!!

4. Providing you DONT have a CA now, select “Certificate Templates” and delete them all.

5. Providing you DONT have a CA now, select “Public Key Services” and delete the NTAuthCertificates item.

6. To tidy up, (On the server logging the error) run the following command:

[box] certutil -dcinfo deleteBad [/box]

7. Finally on the server logging the error run the following command to update the policies:

[box] gpupdate /force [/box]

Related Articles, References, Credits, or External Links

NA