| Author | Messages | |
eis_lists
Posts:34
 | | 07/18/2008 9:35 AM |
| Thanks, Albert. Maybe I am a bit clueless on what exactly this is doing. (heading off into embarrassing territory here)
When I run that command, it fails saying it can’t find the record. When I run just certutil –TSAInfo, it tells me about a valid public cert for OWA (webmail.company.com). When I run this on the OWA box, I get the same error. Basically, I am not really sure what I am trying to do here.
Sorry to be so clueless. Any thoughts about what this means?
Thanks.
-- nme
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Albert
Sent: Wednesday, July 16, 2008 11:41 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Autoenrollment errors, CERTSRV_DCOM_ACCESS missing
HI,
There is another article also describing what to when the security group is not created...
Please have a look at: http://support.microsoft.com/kb/927066
Especially this part:
4. Settings may be incorrect if any one of the following conditions is true:
•
The CERTSVC_DCOM_ACCESS group does not exist.
•
The default membership of the CERTSVC_DCOM_ACCESS group is incorrect.
•
The CERTSVC_DCOM_ACCESS group does not have the correct permissions.
If any one setting is incorrect, run the following commands at a command prompt. Press ENTER after each command.
certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
net stop certsvc
net start certsvc
After the group is there you need to be sure to add the "domain controllers" group as that one is not added by default.
Hope this helps,
Regards,
Albert
On Wed, Jul 16, 2008 at 10:15 PM, EIS Lists <eis_lists@sbcglobal.net> wrote:
Thanks, Albert. I have read that article. It does not seem to address the issue of the CERTSRV_DCOM_ACCESS security group not existing. The article says that group is created automatically during the upgrade to SP1. In our case, it does not seem to exist.
I can create the group and add the proper accounts, but I am not sure that will do anything.
-- nme
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Albert
Sent: Wednesday, July 16, 2008 10:32 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Autoenrollment errors, CERTSRV_DCOM_ACCESS missing
Please have a look at:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;903220
There you would find the solution most likely,
Regards,
Albert
On Wed, Jul 16, 2008 at 6:18 PM, EIS Lists <eis_lists@sbcglobal.net> wrote:
Hello:
I have several DCs giving autoenrollment errors. >From what I can see, it means that the DC is not a member of the CERTSRV_DCOM_ACCESS security group. However, as far as I can tell, that group does not exist. Any ideas why this might be or how to correct it?
Thanks,
-- nme
| | | |
|
|