Domain certificate error

Hello,

I have installed a entreprise CA on my new domain. I see that all my
DC recieved a Domain Controler certificate except one.

If I check the log I can see two event :

First : Eventid 6 :

 Automatic certificate enrollment for local system failed (0x800706ba)
The RPC server is unavailable.

Second : EventID 13 : 

Certificate enrollment for Local system failed to enroll for a
DomainController certificate with request ID N/A from
DCSHDCT02.mydomaint.local\mydomain-DCSHDCT02-CA (The RPC server is
unavailable. 0x800706ba (WIN32: 1722)).

The message seems to be clear, but if i try to do a telnet one
DCSHDCT02 I can see a connection! Then, I can say the RPC server is on
and working well.

Can anybody help me?


--- news://freenews.netfront.net/ - complaints: news@netfront.net ---
0
jithurbide
1/29/2010 1:21:40 PM
windows.server.active_director 902 articles. 0 followers. Follow

37 Replies
9775 Views

Similar Articles

[PageSpeed] 6

<jithurbide@gmail.com> wrote in message 
news:rln5m5p9hg7qq6agbjrnqag382s1ho5k3j@4ax.com...
> Hello,
>
> I have installed a entreprise CA on my new domain. I see that all my
> DC recieved a Domain Controler certificate except one.
>
> If I check the log I can see two event :
>
> First : Eventid 6 :
>
> Automatic certificate enrollment for local system failed (0x800706ba)
> The RPC server is unavailable.
>
> Second : EventID 13 :
>
> Certificate enrollment for Local system failed to enroll for a
> DomainController certificate with request ID N/A from
> DCSHDCT02.mydomaint.local\mydomain-DCSHDCT02-CA (The RPC server is
> unavailable. 0x800706ba (WIN32: 1722)).
>
> The message seems to be clear, but if i try to do a telnet one
> DCSHDCT02 I can see a connection! Then, I can say the RPC server is on
> and working well.
>
> Can anybody help me?


It's more than just telnet. The RPC server is unavailable message simply 
means it either cannot fully communicate with the necessary ports to the 
server, DNS cannot resolve all necessary records (SRV and "A" records), or 
the server is completely down. Since you can telnet, then it's indicating 
the server is up but there are possibly some firewall ports blocked. Within 
a private infrastructure, it is assumed that all ports are allowed and 
opened between all servers and workstations.

I remember you said you 'changed your firewall strategy' in another thread 
regarding your Sites issues. What exactly is your new strategy?

-- 
Ace

This posting is provided "AS-IS" with no warranties or guarantees and 
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among 
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & 
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please 
contact Microsoft PSS directly. Please check http://support.microsoft.com 
for regional support phone numbers. 


0
Ace
1/29/2010 3:19:57 PM
Hi
To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC. IF it 
asks for authentication credentials, you may have a FW issue, name 
resolution problems (from CA side or DC side). A workaround for this may be 
to cache the credentials on DC side (using the option save the credentials 
when you're doing the SMB connection).

-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




<jithurbide@gmail.com> wrote in message 
news:rln5m5p9hg7qq6agbjrnqag382s1ho5k3j@4ax.com...
> Hello,
>
> I have installed a entreprise CA on my new domain. I see that all my
> DC recieved a Domain Controler certificate except one.
>
> If I check the log I can see two event :
>
> First : Eventid 6 :
>
> Automatic certificate enrollment for local system failed (0x800706ba)
> The RPC server is unavailable.
>
> Second : EventID 13 :
>
> Certificate enrollment for Local system failed to enroll for a
> DomainController certificate with request ID N/A from
> DCSHDCT02.mydomaint.local\mydomain-DCSHDCT02-CA (The RPC server is
> unavailable. 0x800706ba (WIN32: 1722)).
>
> The message seems to be clear, but if i try to do a telnet one
> DCSHDCT02 I can see a connection! Then, I can say the RPC server is on
> and working well.
>
> Can anybody help me?
>
>
> --- news://freenews.netfront.net/ - complaints: news@netfront.net ---  

0
Jorge
1/30/2010 11:43:01 PM
Hello,


> I remember you said you 'changed your firewall strategy' in another thread 
> regarding your Sites issues. What exactly is your new strategy?

Ok fist I have block all trafics execpt for AD port. But, I discover that 
with winsows 2008 r2 Ad need to have a range of port open. Then I open IP 
communication between all DC! Then, I can say that it's not a problem with 
my firewall!

Julien
 

0
Julien
2/1/2010 12:08:27 PM
Hello,

You say :

> To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC.

What is the CAName ? My computer name ? like dcshdct02 ? or the name I can 
see on the Certification authority MMC?

I can browse the CA with the comupter name \\dcshdct02 but not the name I 
see on the CA MMC.

Julien
 

0
Julien
2/1/2010 12:12:25 PM
"Julien" <jithurbide@removegmail.com> wrote in message 
news:Od9jrizoKHA.5260@TK2MSFTNGP02.phx.gbl...
> Hello,
>
>
>> I remember you said you 'changed your firewall strategy' in another 
>> thread regarding your Sites issues. What exactly is your new strategy?
>
> Ok fist I have block all trafics execpt for AD port. But, I discover that 
> with winsows 2008 r2 Ad need to have a range of port open. Then I open IP 
> communication between all DC! Then, I can say that it's not a problem with 
> my firewall!
>
> Julien
>
>


There are numerous ports that AD needs, as you know. Usually we just open it 
up wide open and let it have everything, otherwise if you try to make port 
exceptions in a firewall, it turns it into Swiss cheese anyway.

Can you post exactly what ports you opened up? Also, if you followed an 
article on what ports to open, can you post the article you followed?

Ace


0
Ace
2/1/2010 4:21:56 PM
"Julien" <jithurbide@removegmail.com> wrote in message 
news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
> Hello,
>
> You say :
>
>> To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC.
>
> What is the CAName ? My computer name ? like dcshdct02 ? or the name I can 
> see on the Certification authority MMC?
>
> I can browse the CA with the comupter name \\dcshdct02 but not the name I 
> see on the CA MMC.
>
> Julien
>
>


The CAName is the computer name of your CA (Certificate Authority) server.

Is dcshdct02 the name of the CA? If so, what do you mean by can't browse by 
the name in the CA MMC console? what name is that?

Ace 


0
Ace
2/1/2010 4:23:28 PM
Hello,

First I have open the port TCP/UDP:

1025
1030
123
135
139
3268
389
445
49155
49159
88
53
750

But now, I have open all TCP/UDP trafic !!!!!



"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message 
news:eFvusq1oKHA.4836@TK2MSFTNGP05.phx.gbl...
> "Julien" <jithurbide@removegmail.com> wrote in message 
> news:Od9jrizoKHA.5260@TK2MSFTNGP02.phx.gbl...
>> Hello,
>>
>>
>>> I remember you said you 'changed your firewall strategy' in another 
>>> thread regarding your Sites issues. What exactly is your new strategy?
>>
>> Ok fist I have block all trafics execpt for AD port. But, I discover that 
>> with winsows 2008 r2 Ad need to have a range of port open. Then I open IP 
>> communication between all DC! Then, I can say that it's not a problem 
>> with my firewall!
>>
>> Julien
>>
>>
>
>
> There are numerous ports that AD needs, as you know. Usually we just open 
> it up wide open and let it have everything, otherwise if you try to make 
> port exceptions in a firewall, it turns it into Swiss cheese anyway.
>
> Can you post exactly what ports you opened up? Also, if you followed an 
> article on what ports to open, can you post the article you followed?
>
> Ace
>
> 
0
Julien
2/2/2010 8:59:29 AM
Hello,

In fact, the computer name is dcshdct02, but if I open the certification 
authority MMC, the name of the server is : mydomain-DCSHDCT02-CA.



"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message 
news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
> "Julien" <jithurbide@removegmail.com> wrote in message 
> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>> Hello,
>>
>> You say :
>>
>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC.
>>
>> What is the CAName ? My computer name ? like dcshdct02 ? or the name I 
>> can see on the Certification authority MMC?
>>
>> I can browse the CA with the comupter name \\dcshdct02 but not the name I 
>> see on the CA MMC.
>>
>> Julien
>>
>>
>
>
> The CAName is the computer name of your CA (Certificate Authority) server.
>
> Is dcshdct02 the name of the CA? If so, what do you mean by can't browse 
> by the name in the CA MMC console? what name is that?
>
> Ace
> 
0
Julien
2/2/2010 9:02:59 AM
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:%239DAJY%23oKHA.5328@TK2MSFTNGP04.phx.gbl...
> Hello,
>
> First I have open the port TCP/UDP:
>
> 1025
> 1030
> 123
> 135
> 139
> 3268
> 389
> 445
> 49155
> 49159
> 88
> 53
> 750
>
> But now, I have open all TCP/UDP trafic !!!!!

That's good you opened all traffic. There are more ports that are required 
than you posted. That was why you got the errors. You were missing the 
Service ports.

For more information on ports required, please read the following to 
understand better what ports AD requires. It's not as simple as the ports 
you mentioned. That was why I was saying it is easier just to allow ALL 
ports, for after all, if it is an internal private network, you are safe 
anyway.

Paul Bergson's Blog on AD Replication and Firewall Ports
http://www.pbbergs.com/windows/articles/FirewallReplication.html

Restricting Active Directory replication traffic and client RPC 
....Restricting Active Directory replication traffic and client RPC traffic 
to a ... unique port, and you restart the Netlogon service on the domain 
controller. ...
http://support.microsoft.com/kb/224196

How to restrict FRS replication traffic to a specific static port - How to 
restrict FRS replication traffic to a specific static port ... Windows 
2000-based domain controllers and servers use FRS to replicate system policy 
....
http://support.microsoft.com/kb/319553

Network Ports Used by Key Microsoft Server Products - You can also restrict 
the range of ports that RPC dynamically assigns to a small range, ..... 
Windows domain controllers use the SMTP service for intersite ...
http://www.microsoft.com/smallbusiness/support/articles/ref_net_ports_ms_prod.mspx

Ace



0
Ace
2/2/2010 5:05:35 PM
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:OoKFGa%23oKHA.1548@TK2MSFTNGP02.phx.gbl...
> Hello,
>
> In fact, the computer name is dcshdct02, but if I open the certification 
> authority MMC, the name of the server is : mydomain-DCSHDCT02-CA.
>

That appears to be the CA name you gave it, not the computer name.

Ace



0
Ace
2/2/2010 5:06:41 PM
Hi
Yes, test the connection using \\dcshdct02


-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
> Hello,
>
> In fact, the computer name is dcshdct02, but if I open the certification 
> authority MMC, the name of the server is : mydomain-DCSHDCT02-CA.
>
>
>
> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
> message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>> "Julien" <jithurbide@removegmail.com> wrote in message 
>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>> Hello,
>>>
>>> You say :
>>>
>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC.
>>>
>>> What is the CAName ? My computer name ? like dcshdct02 ? or the name I 
>>> can see on the Certification authority MMC?
>>>
>>> I can browse the CA with the comupter name \\dcshdct02 but not the name 
>>> I see on the CA MMC.
>>>
>>> Julien
>>>
>>>
>>
>>
>> The CAName is the computer name of your CA (Certificate Authority) 
>> server.
>>
>> Is dcshdct02 the name of the CA? If so, what do you mean by can't browse 
>> by the name in the CA MMC console? what name is that?
>>
>> Ace
>> 
0
Jorge
2/2/2010 9:50:58 PM
Hello,


I have tested and it's working !



"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
> Hi
> Yes, test the connection using \\dcshdct02
>
>
> -- 
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
>
>
>
>
> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
>> Hello,
>>
>> In fact, the computer name is dcshdct02, but if I open the certification 
>> authority MMC, the name of the server is : mydomain-DCSHDCT02-CA.
>>
>>
>>
>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
>> message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>>> "Julien" <jithurbide@removegmail.com> wrote in message 
>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>>> Hello,
>>>>
>>>> You say :
>>>>
>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC.
>>>>
>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the name I 
>>>> can see on the Certification authority MMC?
>>>>
>>>> I can browse the CA with the comupter name \\dcshdct02 but not the name 
>>>> I see on the CA MMC.
>>>>
>>>> Julien
>>>>
>>>>
>>>
>>>
>>> The CAName is the computer name of your CA (Certificate Authority) 
>>> server.
>>>
>>> Is dcshdct02 the name of the CA? If so, what do you mean by can't browse 
>>> by the name in the CA MMC console? what name is that?
>>>
>>> Ace
>>> 
0
Julien
2/4/2010 8:27:06 AM
Hello,

I can do a SMB connection but I don't have the certificate.

Can any body help me to resolve this issue?

Julien



"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
> Hi
> Yes, test the connection using \\dcshdct02
>
>
> -- 
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
>
>
>
>
> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
>> Hello,
>>
>> In fact, the computer name is dcshdct02, but if I open the certification 
>> authority MMC, the name of the server is : mydomain-DCSHDCT02-CA.
>>
>>
>>
>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
>> message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>>> "Julien" <jithurbide@removegmail.com> wrote in message 
>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>>> Hello,
>>>>
>>>> You say :
>>>>
>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC.
>>>>
>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the name I 
>>>> can see on the Certification authority MMC?
>>>>
>>>> I can browse the CA with the comupter name \\dcshdct02 but not the name 
>>>> I see on the CA MMC.
>>>>
>>>> Julien
>>>>
>>>>
>>>
>>>
>>> The CAName is the computer name of your CA (Certificate Authority) 
>>> server.
>>>
>>> Is dcshdct02 the name of the CA? If so, what do you mean by can't browse 
>>> by the name in the CA MMC console? what name is that?
>>>
>>> Ace
>>> 
0
Julien
2/8/2010 10:33:19 AM
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
> Hello,
>
> I can do a SMB connection but I don't have the certificate.
>
> Can any body help me to resolve this issue?
>
> Julien

Can you connect to the CA using a browser? If you can, you can request a 
cert.

https://dcshdct02
or
http://dcshdct02

Also, you said that you've opened the firewall up wide open, correct? That 
should have alleviated the RPC errors. However, if it didn't resolve the 
errors, then something else is going on. It could be using the wrong DNS, 
multihomed DC (more than one NIC and/or RRAS is installed on a DC) which 
will cause these problems, too, due to incorrect DNS lookups, which will 
stop GPOs from applying, among other things.

Can you post an ipconfig /all from the DC, as well as any EventID# errors 
(App, System, FRS, Dir Service logs)?

Ace


0
Ace
2/8/2010 4:53:50 PM
Is the CA service started?
Did you test SMB from that DC?
IS that DC passing through ISA? IF yes, can you disable the RPC filter for 
that rule and test again? You may need to reboot the DC twice until that 
error goes away.

-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
> Hello,
>
> I can do a SMB connection but I don't have the certificate.
>
> Can any body help me to resolve this issue?
>
> Julien
>
>
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
> news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
>> Hi
>> Yes, test the connection using \\dcshdct02
>>
>>
>> -- 
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>>
>>
>>
>>
>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
>>> Hello,
>>>
>>> In fact, the computer name is dcshdct02, but if I open the certification 
>>> authority MMC, the name of the server is : mydomain-DCSHDCT02-CA.
>>>
>>>
>>>
>>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
>>> message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>>>> "Julien" <jithurbide@removegmail.com> wrote in message 
>>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>>>> Hello,
>>>>>
>>>>> You say :
>>>>>
>>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC.
>>>>>
>>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the name I 
>>>>> can see on the Certification authority MMC?
>>>>>
>>>>> I can browse the CA with the comupter name \\dcshdct02 but not the 
>>>>> name I see on the CA MMC.
>>>>>
>>>>> Julien
>>>>>
>>>>>
>>>>
>>>>
>>>> The CAName is the computer name of your CA (Certificate Authority) 
>>>> server.
>>>>
>>>> Is dcshdct02 the name of the CA? If so, what do you mean by can't 
>>>> browse by the name in the CA MMC console? what name is that?
>>>>
>>>> Ace
>>>> 
0
Jorge
2/9/2010 9:02:18 PM
Hello,


This is my ipconfig :

----------------------------------------------------------------------------------------------

ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DCITDCT01
   Primary Dns Suffix  . . . . . . . : mydomain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : mydomain.local

Ethernet adDCter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network 
Connection
   Physical Address. . . . . . . . . : 00-0C-29-72-A4-A4
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.11.14(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.11.254
   DNS Servers . . . . . . . . . . . : 192.168.11.14
                                       192.168.30.2
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adDCter isatDC.{6DE906DB-E4F6-45A1-A6D3-A5B10F2663BA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATDC AdDCter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adDCter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

-------------------------------------------------------------------------------------------------------------

Here are my application log error :

-------------------------------------------------------------------------------------------------------------

Log Name:      DCplication
Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date:          10.02.2010 05:42:07
Event ID:      6
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DCITDCT01.mydomain.local
Description:
Automatic certificate enrollment for local system failed (0x800706ba) The 
RPC server is unavailable.
..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider 
Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" 
Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" 
EventSourceName="AutoEnrollment" />
    <EventID Qualifiers="16384">6</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
    <EventRecordID>2334</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>DCplication</Channel>
    <Computer>DCITDCT01.mydomain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Context">local system</Data>
    <Data Name="ErrorCode">0x800706ba</Data>
    <Data Name="ErrorMsg">The RPC server is unavailable.
</Data>
  </EventData>
</Event>

Log Name:      DCplication
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          10.02.2010 05:42:07
Event ID:      13
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      DCITDCT01.mydomain.local
Description:
Certificate enrollment for Local system failed to enroll for a 
DomainController certificate with request ID N/A from 
DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA (The RPC server is 
unavailable. 0x800706ba (WIN32: 1722)).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" 
/>
    <EventID Qualifiers="49754">13</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
    <EventRecordID>2333</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>DCplication</Channel>
    <Computer>DCITDCT01.mydomain.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Context">Local system</Data>
    <Data Name="TemplateName">DomainController</Data>
    <Data 
Name="RequestId">DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA</Data>
    <Data Name="CA">N/A</Data>
    <Data Name="ErrorCode">The RPC server is unavailable. 0x800706ba (WIN32: 
1722)</Data>
  </EventData>
</Event>

Log Name:      DCplication
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          10.02.2010 05:41:26
Event ID:      64
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
Computer:      DCITDCT01.mydomain.local
Description:
Certificate enrollment for Local system successfully load policy from policy 
server
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" 
/>
    <EventID Qualifiers="33370">64</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
    <EventRecordID>2332</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>DCplication</Channel>
    <Computer>DCITDCT01.mydomain.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Context">Local system</Data>
    <Data Name="ServerID">
    </Data>
  </EventData>
</Event>

Log Name:      DCplication
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          10.02.2010 05:41:26
Event ID:      65
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
Computer:      DCITDCT01.mydomain.local
Description:
Certificate enrollment for Local system is successfully authenticated by 
policy server {A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" 
/>
    <EventID Qualifiers="33370">65</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
    <EventRecordID>2331</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>DCplication</Channel>
    <Computer>DCITDCT01.mydomain.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Context">Local system</Data>
    <Data Name="ServerURL">{A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}</Data>
  </EventData>
</Event>

Log Name:      DCplication
Source:        SceCli
Date:          10.02.2010 03:11:30
Event ID:      1704
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      DCITDCT01.mydomain.local
Description:
Security policy in the Group policy objects has been DCplied successfully.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SceCli" />
    <EventID Qualifiers="16384">1704</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-02-10T02:11:30.000000000Z" />
    <EventRecordID>2330</EventRecordID>
    <Channel>DCplication</Channel>
    <Computer>DCITDCT01.mydomain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
  </EventData>
</Event>

---------------------------------------------------------------------------------------------------------------------------

Here are my system log error :

-----------------------------------------------------------------------------------------------------------------------------

Log Name:      System
Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
Date:          10.02.2010 01:39:03
Event ID:      29
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      DCITDCT01.mydomain.local
Description:
The Key Distribution Center (KDC) cannot find a suitable certificate to use 
for smart card logons, or the KDC certificate could not be verified. Smart 
card logon may not function correctly if this problem is not resolved. To 
correct this problem, either verify the existing KDC certificate using 
certutil.exe or enroll for a new KDC certificate.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" 
Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
    <EventID Qualifiers="32768">29</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-02-10T00:39:03.000000000Z" />
    <EventRecordID>3205</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>DCITDCT01.mydomain.local</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>

----------------------------------------------------------------------------------------------------------------------------------------------------------

I don't have any other error except DFS Replication that I maid for remote 
backup.

Did you need more details or log?



"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message 
news:uTweL9NqKHA.4280@TK2MSFTNGP06.phx.gbl...
>
> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
> news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
>> Hello,
>>
>> I can do a SMB connection but I don't have the certificate.
>>
>> Can any body help me to resolve this issue?
>>
>> Julien
>
> Can you connect to the CA using a browser? If you can, you can request a 
> cert.
>
> https://dcshdct02
> or
> http://dcshdct02
>
> Also, you said that you've opened the firewall up wide open, correct? That 
> should have alleviated the RPC errors. However, if it didn't resolve the 
> errors, then something else is going on. It could be using the wrong DNS, 
> multihomed DC (more than one NIC and/or RRAS is installed on a DC) which 
> will cause these problems, too, due to incorrect DNS lookups, which will 
> stop GPOs from applying, among other things.
>
> Can you post an ipconfig /all from the DC, as well as any EventID# errors 
> (App, System, FRS, Dir Service logs)?
>
> Ace
>
> 
0
Julien
2/10/2010 7:51:32 AM
Hello,

> Did you test SMB from that DC?

Yes, I did. I test smb connection form and to my dc.

> IS that DC passing through ISA?

No, we don't use ISA!

>You may need to reboot the DC twice

I'll try this, this night, but if I remember well I already reboot it more 
thant twice.


Julien




"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
news:76D3BF28-7F66-4CB0-A72A-94928CFFE8AC@microsoft.com...
> Is the CA service started?
> Did you test SMB from that DC?
> IS that DC passing through ISA? IF yes, can you disable the RPC filter for 
> that rule and test again? You may need to reboot the DC twice until that 
> error goes away.
>
> -- 
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
>
>
>
>
> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
> news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
>> Hello,
>>
>> I can do a SMB connection but I don't have the certificate.
>>
>> Can any body help me to resolve this issue?
>>
>> Julien
>>
>>
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>> news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
>>> Hi
>>> Yes, test the connection using \\dcshdct02
>>>
>>>
>>> -- 
>>>
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>>
>>> Jorge Silva
>>> MVP Directory Services
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no 
>>> rights.
>>>
>>>
>>>
>>>
>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
>>>> Hello,
>>>>
>>>> In fact, the computer name is dcshdct02, but if I open the 
>>>> certification authority MMC, the name of the server is : 
>>>> mydomain-DCSHDCT02-CA.
>>>>
>>>>
>>>>
>>>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
>>>> message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>>>>> "Julien" <jithurbide@removegmail.com> wrote in message 
>>>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>>>>> Hello,
>>>>>>
>>>>>> You say :
>>>>>>
>>>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC.
>>>>>>
>>>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the name 
>>>>>> I can see on the Certification authority MMC?
>>>>>>
>>>>>> I can browse the CA with the comupter name \\dcshdct02 but not the 
>>>>>> name I see on the CA MMC.
>>>>>>
>>>>>> Julien
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> The CAName is the computer name of your CA (Certificate Authority) 
>>>>> server.
>>>>>
>>>>> Is dcshdct02 the name of the CA? If so, what do you mean by can't 
>>>>> browse by the name in the CA MMC console? what name is that?
>>>>>
>>>>> Ace
>>>>> 
0
Julien
2/10/2010 7:58:44 AM
Ok, do that, can you also explain these 2 DNS entries:
                                       192.168.30.2
                                       127.0.0.1

-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:df2dnTJWt_Wr-u_WnZ2dnUVZ8qGdnZ2d@giganews.com...
> Hello,
>
>> Did you test SMB from that DC?
>
> Yes, I did. I test smb connection form and to my dc.
>
>> IS that DC passing through ISA?
>
> No, we don't use ISA!
>
>>You may need to reboot the DC twice
>
> I'll try this, this night, but if I remember well I already reboot it more 
> thant twice.
>
>
> Julien
>
>
>
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
> news:76D3BF28-7F66-4CB0-A72A-94928CFFE8AC@microsoft.com...
>> Is the CA service started?
>> Did you test SMB from that DC?
>> IS that DC passing through ISA? IF yes, can you disable the RPC filter 
>> for that rule and test again? You may need to reboot the DC twice until 
>> that error goes away.
>>
>> -- 
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>>
>>
>>
>>
>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>> news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
>>> Hello,
>>>
>>> I can do a SMB connection but I don't have the certificate.
>>>
>>> Can any body help me to resolve this issue?
>>>
>>> Julien
>>>
>>>
>>>
>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>> news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
>>>> Hi
>>>> Yes, test the connection using \\dcshdct02
>>>>
>>>>
>>>> -- 
>>>>
>>>> I hope that the information above helps you.
>>>> Have a Nice day.
>>>>
>>>> Jorge Silva
>>>> MVP Directory Services
>>>>
>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>> rights.
>>>>
>>>>
>>>>
>>>>
>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
>>>>> Hello,
>>>>>
>>>>> In fact, the computer name is dcshdct02, but if I open the 
>>>>> certification authority MMC, the name of the server is : 
>>>>> mydomain-DCSHDCT02-CA.
>>>>>
>>>>>
>>>>>
>>>>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
>>>>> message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>>>>>> "Julien" <jithurbide@removegmail.com> wrote in message 
>>>>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>>>>>> Hello,
>>>>>>>
>>>>>>> You say :
>>>>>>>
>>>>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from that 
>>>>>>>> DC.
>>>>>>>
>>>>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the name 
>>>>>>> I can see on the Certification authority MMC?
>>>>>>>
>>>>>>> I can browse the CA with the comupter name \\dcshdct02 but not the 
>>>>>>> name I see on the CA MMC.
>>>>>>>
>>>>>>> Julien
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> The CAName is the computer name of your CA (Certificate Authority) 
>>>>>> server.
>>>>>>
>>>>>> Is dcshdct02 the name of the CA? If so, what do you mean by can't 
>>>>>> browse by the name in the CA MMC console? what name is that?
>>>>>>
>>>>>> Ace
>>>>>> 
0
Jorge
2/10/2010 12:30:30 PM
ok simple 127.0.0.1 I have delete ... I don't know why is here.

192.168.30.2 is my central site and my fist DC on my domain.

I have a lot of site and this address is the ranch for my central offices.



"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
news:D574EA20-F3DB-4511-880C-944F7D1BF4A9@microsoft.com...
> Ok, do that, can you also explain these 2 DNS entries:
>                                       192.168.30.2
>                                       127.0.0.1
>
> -- 
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
>
>
>
>
> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
> news:df2dnTJWt_Wr-u_WnZ2dnUVZ8qGdnZ2d@giganews.com...
>> Hello,
>>
>>> Did you test SMB from that DC?
>>
>> Yes, I did. I test smb connection form and to my dc.
>>
>>> IS that DC passing through ISA?
>>
>> No, we don't use ISA!
>>
>>>You may need to reboot the DC twice
>>
>> I'll try this, this night, but if I remember well I already reboot it 
>> more thant twice.
>>
>>
>> Julien
>>
>>
>>
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>> news:76D3BF28-7F66-4CB0-A72A-94928CFFE8AC@microsoft.com...
>>> Is the CA service started?
>>> Did you test SMB from that DC?
>>> IS that DC passing through ISA? IF yes, can you disable the RPC filter 
>>> for that rule and test again? You may need to reboot the DC twice until 
>>> that error goes away.
>>>
>>> -- 
>>>
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>>
>>> Jorge Silva
>>> MVP Directory Services
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no 
>>> rights.
>>>
>>>
>>>
>>>
>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>> news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
>>>> Hello,
>>>>
>>>> I can do a SMB connection but I don't have the certificate.
>>>>
>>>> Can any body help me to resolve this issue?
>>>>
>>>> Julien
>>>>
>>>>
>>>>
>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>>> news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
>>>>> Hi
>>>>> Yes, test the connection using \\dcshdct02
>>>>>
>>>>>
>>>>> -- 
>>>>>
>>>>> I hope that the information above helps you.
>>>>> Have a Nice day.
>>>>>
>>>>> Jorge Silva
>>>>> MVP Directory Services
>>>>>
>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>>> rights.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>>> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
>>>>>> Hello,
>>>>>>
>>>>>> In fact, the computer name is dcshdct02, but if I open the 
>>>>>> certification authority MMC, the name of the server is : 
>>>>>> mydomain-DCSHDCT02-CA.
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
>>>>>> message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>>>>>>> "Julien" <jithurbide@removegmail.com> wrote in message 
>>>>>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> You say :
>>>>>>>>
>>>>>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from that 
>>>>>>>>> DC.
>>>>>>>>
>>>>>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the 
>>>>>>>> name I can see on the Certification authority MMC?
>>>>>>>>
>>>>>>>> I can browse the CA with the comupter name \\dcshdct02 but not the 
>>>>>>>> name I see on the CA MMC.
>>>>>>>>
>>>>>>>> Julien
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> The CAName is the computer name of your CA (Certificate Authority) 
>>>>>>> server.
>>>>>>>
>>>>>>> Is dcshdct02 the name of the CA? If so, what do you mean by can't 
>>>>>>> browse by the name in the CA MMC console? what name is that?
>>>>>>>
>>>>>>> Ace
>>>>>>> 
0
Julien
2/10/2010 1:12:48 PM
Ok,
- Did you also test SMB from the CA to the DC?
- Can you ping from both sides (DC and CA) to each other?
- Did you already reboot the DC 2?

-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:05mdnTtB8_9hLe_WnZ2dnUVZ8qSdnZ2d@giganews.com...
> ok simple 127.0.0.1 I have delete ... I don't know why is here.
>
> 192.168.30.2 is my central site and my fist DC on my domain.
>
> I have a lot of site and this address is the ranch for my central offices.
>
>
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
> news:D574EA20-F3DB-4511-880C-944F7D1BF4A9@microsoft.com...
>> Ok, do that, can you also explain these 2 DNS entries:
>>                                       192.168.30.2
>>                                       127.0.0.1
>>
>> -- 
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>>
>>
>>
>>
>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>> news:df2dnTJWt_Wr-u_WnZ2dnUVZ8qGdnZ2d@giganews.com...
>>> Hello,
>>>
>>>> Did you test SMB from that DC?
>>>
>>> Yes, I did. I test smb connection form and to my dc.
>>>
>>>> IS that DC passing through ISA?
>>>
>>> No, we don't use ISA!
>>>
>>>>You may need to reboot the DC twice
>>>
>>> I'll try this, this night, but if I remember well I already reboot it 
>>> more thant twice.
>>>
>>>
>>> Julien
>>>
>>>
>>>
>>>
>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>> news:76D3BF28-7F66-4CB0-A72A-94928CFFE8AC@microsoft.com...
>>>> Is the CA service started?
>>>> Did you test SMB from that DC?
>>>> IS that DC passing through ISA? IF yes, can you disable the RPC filter 
>>>> for that rule and test again? You may need to reboot the DC twice until 
>>>> that error goes away.
>>>>
>>>> -- 
>>>>
>>>> I hope that the information above helps you.
>>>> Have a Nice day.
>>>>
>>>> Jorge Silva
>>>> MVP Directory Services
>>>>
>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>> rights.
>>>>
>>>>
>>>>
>>>>
>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>> news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
>>>>> Hello,
>>>>>
>>>>> I can do a SMB connection but I don't have the certificate.
>>>>>
>>>>> Can any body help me to resolve this issue?
>>>>>
>>>>> Julien
>>>>>
>>>>>
>>>>>
>>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>>>> news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
>>>>>> Hi
>>>>>> Yes, test the connection using \\dcshdct02
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>>
>>>>>> I hope that the information above helps you.
>>>>>> Have a Nice day.
>>>>>>
>>>>>> Jorge Silva
>>>>>> MVP Directory Services
>>>>>>
>>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>>>> rights.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>>>> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
>>>>>>> Hello,
>>>>>>>
>>>>>>> In fact, the computer name is dcshdct02, but if I open the 
>>>>>>> certification authority MMC, the name of the server is : 
>>>>>>> mydomain-DCSHDCT02-CA.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
>>>>>>> message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>>>>>>>> "Julien" <jithurbide@removegmail.com> wrote in message 
>>>>>>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> You say :
>>>>>>>>>
>>>>>>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from that 
>>>>>>>>>> DC.
>>>>>>>>>
>>>>>>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the 
>>>>>>>>> name I can see on the Certification authority MMC?
>>>>>>>>>
>>>>>>>>> I can browse the CA with the comupter name \\dcshdct02 but not the 
>>>>>>>>> name I see on the CA MMC.
>>>>>>>>>
>>>>>>>>> Julien
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> The CAName is the computer name of your CA (Certificate Authority) 
>>>>>>>> server.
>>>>>>>>
>>>>>>>> Is dcshdct02 the name of the CA? If so, what do you mean by can't 
>>>>>>>> browse by the name in the CA MMC console? what name is that?
>>>>>>>>
>>>>>>>> Ace
>>>>>>>> 
0
Jorge
2/11/2010 1:39:13 AM
> - Did you also test SMB from the CA to the DC?

Yes, I do

> - Can you ping from both sides (DC and CA) to each other?

Yes, I can

> - Did you already reboot the DC 2?

I have palnned to reboot my dc and the ca this night.



"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
news:7B115C84-012E-4397-8F34-ECAC27074558@microsoft.com...
> Ok,
> - Did you also test SMB from the CA to the DC?
> - Can you ping from both sides (DC and CA) to each other?
> - Did you already reboot the DC 2?
>
> -- 
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
>
>
>
>
> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
> news:05mdnTtB8_9hLe_WnZ2dnUVZ8qSdnZ2d@giganews.com...
>> ok simple 127.0.0.1 I have delete ... I don't know why is here.
>>
>> 192.168.30.2 is my central site and my fist DC on my domain.
>>
>> I have a lot of site and this address is the ranch for my central 
>> offices.
>>
>>
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>> news:D574EA20-F3DB-4511-880C-944F7D1BF4A9@microsoft.com...
>>> Ok, do that, can you also explain these 2 DNS entries:
>>>                                       192.168.30.2
>>>                                       127.0.0.1
>>>
>>> -- 
>>>
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>>
>>> Jorge Silva
>>> MVP Directory Services
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no 
>>> rights.
>>>
>>>
>>>
>>>
>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>> news:df2dnTJWt_Wr-u_WnZ2dnUVZ8qGdnZ2d@giganews.com...
>>>> Hello,
>>>>
>>>>> Did you test SMB from that DC?
>>>>
>>>> Yes, I did. I test smb connection form and to my dc.
>>>>
>>>>> IS that DC passing through ISA?
>>>>
>>>> No, we don't use ISA!
>>>>
>>>>>You may need to reboot the DC twice
>>>>
>>>> I'll try this, this night, but if I remember well I already reboot it 
>>>> more thant twice.
>>>>
>>>>
>>>> Julien
>>>>
>>>>
>>>>
>>>>
>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>>> news:76D3BF28-7F66-4CB0-A72A-94928CFFE8AC@microsoft.com...
>>>>> Is the CA service started?
>>>>> Did you test SMB from that DC?
>>>>> IS that DC passing through ISA? IF yes, can you disable the RPC filter 
>>>>> for that rule and test again? You may need to reboot the DC twice 
>>>>> until that error goes away.
>>>>>
>>>>> -- 
>>>>>
>>>>> I hope that the information above helps you.
>>>>> Have a Nice day.
>>>>>
>>>>> Jorge Silva
>>>>> MVP Directory Services
>>>>>
>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>>> rights.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>>> news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
>>>>>> Hello,
>>>>>>
>>>>>> I can do a SMB connection but I don't have the certificate.
>>>>>>
>>>>>> Can any body help me to resolve this issue?
>>>>>>
>>>>>> Julien
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>>>>> news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
>>>>>>> Hi
>>>>>>> Yes, test the connection using \\dcshdct02
>>>>>>>
>>>>>>>
>>>>>>> -- 
>>>>>>>
>>>>>>> I hope that the information above helps you.
>>>>>>> Have a Nice day.
>>>>>>>
>>>>>>> Jorge Silva
>>>>>>> MVP Directory Services
>>>>>>>
>>>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>>>>> rights.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>>>>> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> In fact, the computer name is dcshdct02, but if I open the 
>>>>>>>> certification authority MMC, the name of the server is : 
>>>>>>>> mydomain-DCSHDCT02-CA.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
>>>>>>>> message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>>>>>>>>> "Julien" <jithurbide@removegmail.com> wrote in message 
>>>>>>>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> You say :
>>>>>>>>>>
>>>>>>>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from that 
>>>>>>>>>>> DC.
>>>>>>>>>>
>>>>>>>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the 
>>>>>>>>>> name I can see on the Certification authority MMC?
>>>>>>>>>>
>>>>>>>>>> I can browse the CA with the comupter name \\dcshdct02 but not 
>>>>>>>>>> the name I see on the CA MMC.
>>>>>>>>>>
>>>>>>>>>> Julien
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> The CAName is the computer name of your CA (Certificate Authority) 
>>>>>>>>> server.
>>>>>>>>>
>>>>>>>>> Is dcshdct02 the name of the CA? If so, what do you mean by can't 
>>>>>>>>> browse by the name in the CA MMC console? what name is that?
>>>>>>>>>
>>>>>>>>> Ace
>>>>>>>>> 
0
Julien
2/11/2010 10:39:40 AM
Hold on...
If you're going to reboot the CA...
1St the CA, after the CA is up, do 2 reboots with a logon between them on 
the DC.

-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:T5idndaKfvbpQ-7WnZ2dnUVZ8vOdnZ2d@giganews.com...
>> - Did you also test SMB from the CA to the DC?
>
> Yes, I do
>
>> - Can you ping from both sides (DC and CA) to each other?
>
> Yes, I can
>
>> - Did you already reboot the DC 2?
>
> I have palnned to reboot my dc and the ca this night.
>
>
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
> news:7B115C84-012E-4397-8F34-ECAC27074558@microsoft.com...
>> Ok,
>> - Did you also test SMB from the CA to the DC?
>> - Can you ping from both sides (DC and CA) to each other?
>> - Did you already reboot the DC 2?
>>
>> -- 
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>>
>>
>>
>>
>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>> news:05mdnTtB8_9hLe_WnZ2dnUVZ8qSdnZ2d@giganews.com...
>>> ok simple 127.0.0.1 I have delete ... I don't know why is here.
>>>
>>> 192.168.30.2 is my central site and my fist DC on my domain.
>>>
>>> I have a lot of site and this address is the ranch for my central 
>>> offices.
>>>
>>>
>>>
>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>> news:D574EA20-F3DB-4511-880C-944F7D1BF4A9@microsoft.com...
>>>> Ok, do that, can you also explain these 2 DNS entries:
>>>>                                       192.168.30.2
>>>>                                       127.0.0.1
>>>>
>>>> -- 
>>>>
>>>> I hope that the information above helps you.
>>>> Have a Nice day.
>>>>
>>>> Jorge Silva
>>>> MVP Directory Services
>>>>
>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>> rights.
>>>>
>>>>
>>>>
>>>>
>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>> news:df2dnTJWt_Wr-u_WnZ2dnUVZ8qGdnZ2d@giganews.com...
>>>>> Hello,
>>>>>
>>>>>> Did you test SMB from that DC?
>>>>>
>>>>> Yes, I did. I test smb connection form and to my dc.
>>>>>
>>>>>> IS that DC passing through ISA?
>>>>>
>>>>> No, we don't use ISA!
>>>>>
>>>>>>You may need to reboot the DC twice
>>>>>
>>>>> I'll try this, this night, but if I remember well I already reboot it 
>>>>> more thant twice.
>>>>>
>>>>>
>>>>> Julien
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>>>> news:76D3BF28-7F66-4CB0-A72A-94928CFFE8AC@microsoft.com...
>>>>>> Is the CA service started?
>>>>>> Did you test SMB from that DC?
>>>>>> IS that DC passing through ISA? IF yes, can you disable the RPC 
>>>>>> filter for that rule and test again? You may need to reboot the DC 
>>>>>> twice until that error goes away.
>>>>>>
>>>>>> -- 
>>>>>>
>>>>>> I hope that the information above helps you.
>>>>>> Have a Nice day.
>>>>>>
>>>>>> Jorge Silva
>>>>>> MVP Directory Services
>>>>>>
>>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>>>> rights.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>>>> news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
>>>>>>> Hello,
>>>>>>>
>>>>>>> I can do a SMB connection but I don't have the certificate.
>>>>>>>
>>>>>>> Can any body help me to resolve this issue?
>>>>>>>
>>>>>>> Julien
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>>>>>> news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
>>>>>>>> Hi
>>>>>>>> Yes, test the connection using \\dcshdct02
>>>>>>>>
>>>>>>>>
>>>>>>>> -- 
>>>>>>>>
>>>>>>>> I hope that the information above helps you.
>>>>>>>> Have a Nice day.
>>>>>>>>
>>>>>>>> Jorge Silva
>>>>>>>> MVP Directory Services
>>>>>>>>
>>>>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>>>>>> rights.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>>>>>> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> In fact, the computer name is dcshdct02, but if I open the 
>>>>>>>>> certification authority MMC, the name of the server is : 
>>>>>>>>> mydomain-DCSHDCT02-CA.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote 
>>>>>>>>> in message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>>>>>>>>>> "Julien" <jithurbide@removegmail.com> wrote in message 
>>>>>>>>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> You say :
>>>>>>>>>>>
>>>>>>>>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from 
>>>>>>>>>>>> that DC.
>>>>>>>>>>>
>>>>>>>>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the 
>>>>>>>>>>> name I can see on the Certification authority MMC?
>>>>>>>>>>>
>>>>>>>>>>> I can browse the CA with the comupter name \\dcshdct02 but not 
>>>>>>>>>>> the name I see on the CA MMC.
>>>>>>>>>>>
>>>>>>>>>>> Julien
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> The CAName is the computer name of your CA (Certificate 
>>>>>>>>>> Authority) server.
>>>>>>>>>>
>>>>>>>>>> Is dcshdct02 the name of the CA? If so, what do you mean by can't 
>>>>>>>>>> browse by the name in the CA MMC console? what name is that?
>>>>>>>>>>
>>>>>>>>>> Ace
>>>>>>>>>> 
0
Jorge
2/11/2010 5:53:17 PM
Another thing, please check if you have any thyrd party FW installed on the 
DC and CA. For instance, some antivirus have additional products that 
provides FW capabilities.

-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:T5idndaKfvbpQ-7WnZ2dnUVZ8vOdnZ2d@giganews.com...
>> - Did you also test SMB from the CA to the DC?
>
> Yes, I do
>
>> - Can you ping from both sides (DC and CA) to each other?
>
> Yes, I can
>
>> - Did you already reboot the DC 2?
>
> I have palnned to reboot my dc and the ca this night.
>
>
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
> news:7B115C84-012E-4397-8F34-ECAC27074558@microsoft.com...
>> Ok,
>> - Did you also test SMB from the CA to the DC?
>> - Can you ping from both sides (DC and CA) to each other?
>> - Did you already reboot the DC 2?
>>
>> -- 
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>>
>>
>>
>>
>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>> news:05mdnTtB8_9hLe_WnZ2dnUVZ8qSdnZ2d@giganews.com...
>>> ok simple 127.0.0.1 I have delete ... I don't know why is here.
>>>
>>> 192.168.30.2 is my central site and my fist DC on my domain.
>>>
>>> I have a lot of site and this address is the ranch for my central 
>>> offices.
>>>
>>>
>>>
>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>> news:D574EA20-F3DB-4511-880C-944F7D1BF4A9@microsoft.com...
>>>> Ok, do that, can you also explain these 2 DNS entries:
>>>>                                       192.168.30.2
>>>>                                       127.0.0.1
>>>>
>>>> -- 
>>>>
>>>> I hope that the information above helps you.
>>>> Have a Nice day.
>>>>
>>>> Jorge Silva
>>>> MVP Directory Services
>>>>
>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>> rights.
>>>>
>>>>
>>>>
>>>>
>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>> news:df2dnTJWt_Wr-u_WnZ2dnUVZ8qGdnZ2d@giganews.com...
>>>>> Hello,
>>>>>
>>>>>> Did you test SMB from that DC?
>>>>>
>>>>> Yes, I did. I test smb connection form and to my dc.
>>>>>
>>>>>> IS that DC passing through ISA?
>>>>>
>>>>> No, we don't use ISA!
>>>>>
>>>>>>You may need to reboot the DC twice
>>>>>
>>>>> I'll try this, this night, but if I remember well I already reboot it 
>>>>> more thant twice.
>>>>>
>>>>>
>>>>> Julien
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>>>> news:76D3BF28-7F66-4CB0-A72A-94928CFFE8AC@microsoft.com...
>>>>>> Is the CA service started?
>>>>>> Did you test SMB from that DC?
>>>>>> IS that DC passing through ISA? IF yes, can you disable the RPC 
>>>>>> filter for that rule and test again? You may need to reboot the DC 
>>>>>> twice until that error goes away.
>>>>>>
>>>>>> -- 
>>>>>>
>>>>>> I hope that the information above helps you.
>>>>>> Have a Nice day.
>>>>>>
>>>>>> Jorge Silva
>>>>>> MVP Directory Services
>>>>>>
>>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>>>> rights.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>>>> news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
>>>>>>> Hello,
>>>>>>>
>>>>>>> I can do a SMB connection but I don't have the certificate.
>>>>>>>
>>>>>>> Can any body help me to resolve this issue?
>>>>>>>
>>>>>>> Julien
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>>>>>> news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
>>>>>>>> Hi
>>>>>>>> Yes, test the connection using \\dcshdct02
>>>>>>>>
>>>>>>>>
>>>>>>>> -- 
>>>>>>>>
>>>>>>>> I hope that the information above helps you.
>>>>>>>> Have a Nice day.
>>>>>>>>
>>>>>>>> Jorge Silva
>>>>>>>> MVP Directory Services
>>>>>>>>
>>>>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>>>>>> rights.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>>>>>> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> In fact, the computer name is dcshdct02, but if I open the 
>>>>>>>>> certification authority MMC, the name of the server is : 
>>>>>>>>> mydomain-DCSHDCT02-CA.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote 
>>>>>>>>> in message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>>>>>>>>>> "Julien" <jithurbide@removegmail.com> wrote in message 
>>>>>>>>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> You say :
>>>>>>>>>>>
>>>>>>>>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from 
>>>>>>>>>>>> that DC.
>>>>>>>>>>>
>>>>>>>>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the 
>>>>>>>>>>> name I can see on the Certification authority MMC?
>>>>>>>>>>>
>>>>>>>>>>> I can browse the CA with the comupter name \\dcshdct02 but not 
>>>>>>>>>>> the name I see on the CA MMC.
>>>>>>>>>>>
>>>>>>>>>>> Julien
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> The CAName is the computer name of your CA (Certificate 
>>>>>>>>>> Authority) server.
>>>>>>>>>>
>>>>>>>>>> Is dcshdct02 the name of the CA? If so, what do you mean by can't 
>>>>>>>>>> browse by the name in the CA MMC console? what name is that?
>>>>>>>>>>
>>>>>>>>>> Ace
>>>>>>>>>> 
0
Jorge
2/11/2010 5:55:20 PM
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:05mdnTtB8_9hLe_WnZ2dnUVZ8qSdnZ2d@giganews.com...
> ok simple 127.0.0.1 I have delete ... I don't know why is here.
>
> 192.168.30.2 is my central site and my fist DC on my domain.
>
> I have a lot of site and this address is the ranch for my central offices.
>

In a multi-site scenario, I suggest, as well as the consensus, to use itself 
as the first DNS entry, and the other one as the second entry, otherwise all 
intial queries will be hitting the first entry across the WAN link.

Good you removed the loopback. That was put in by dcpromo.

Ace



0
Ace
2/12/2010 5:04:34 AM
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:PtudnVYir6kY-O_WnZ2dnUVZ8vednZ2d@giganews.com...
> Hello,
>
>
> This is my ipconfig :
>
> ----------------------------------------------------------------------------------------------
>
> ipconfig /all
>
> Windows IP Configuration
>
>   Host Name . . . . . . . . . . . . : DCITDCT01
>   Primary Dns Suffix  . . . . . . . : mydomain.local
>   Node Type . . . . . . . . . . . . : Hybrid
>   IP Routing Enabled. . . . . . . . : No
>   WINS Proxy Enabled. . . . . . . . : No
>   DNS Suffix Search List. . . . . . : mydomain.local
>
> Ethernet adDCter Local Area Connection:
>
>   Connection-specific DNS Suffix  . :
>   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network 
> Connection
>   Physical Address. . . . . . . . . : 00-0C-29-72-A4-A4
>   DHCP Enabled. . . . . . . . . . . : No
>   Autoconfiguration Enabled . . . . : Yes
>   IPv4 Address. . . . . . . . . . . : 192.168.11.14(Preferred)
>   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>   Default Gateway . . . . . . . . . : 192.168.11.254
>   DNS Servers . . . . . . . . . . . : 192.168.11.14
>                                       192.168.30.2
>                                       127.0.0.1
>   NetBIOS over Tcpip. . . . . . . . : Enabled
>
> Tunnel adDCter isatDC.{6DE906DB-E4F6-45A1-A6D3-A5B10F2663BA}:
>
>   Media State . . . . . . . . . . . : Media disconnected
>   Connection-specific DNS Suffix  . :
>   Description . . . . . . . . . . . : Microsoft ISATDC AdDCter
>   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>   DHCP Enabled. . . . . . . . . . . : No
>   Autoconfiguration Enabled . . . . : Yes
>
> Tunnel adDCter Local Area Connection* 11:
>
>   Media State . . . . . . . . . . . : Media disconnected
>   Connection-specific DNS Suffix  . :
>   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
>   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>   DHCP Enabled. . . . . . . . . . . : No
>   Autoconfiguration Enabled . . . . : Yes
>
> -------------------------------------------------------------------------------------------------------------
>
> Here are my application log error :
>
> -------------------------------------------------------------------------------------------------------------
>
> Log Name:      DCplication
> Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment
> Date:          10.02.2010 05:42:07
> Event ID:      6
> Task Category: None
> Level:         Error
> Keywords:      Classic
> User:          N/A
> Computer:      DCITDCT01.mydomain.local
> Description:
> Automatic certificate enrollment for local system failed (0x800706ba) The 
> RPC server is unavailable.
> .
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>  <System>
>    <Provider 
> Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" 
> Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" 
> EventSourceName="AutoEnrollment" />
>    <EventID Qualifiers="16384">6</EventID>
>    <Version>0</Version>
>    <Level>2</Level>
>    <Task>0</Task>
>    <Opcode>0</Opcode>
>    <Keywords>0x80000000000000</Keywords>
>    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
>    <EventRecordID>2334</EventRecordID>
>    <Correlation />
>    <Execution ProcessID="0" ThreadID="0" />
>    <Channel>DCplication</Channel>
>    <Computer>DCITDCT01.mydomain.local</Computer>
>    <Security />
>  </System>
>  <EventData>
>    <Data Name="Context">local system</Data>
>    <Data Name="ErrorCode">0x800706ba</Data>
>    <Data Name="ErrorMsg">The RPC server is unavailable.
> </Data>
>  </EventData>
> </Event>
>
> Log Name:      DCplication
> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
> Date:          10.02.2010 05:42:07
> Event ID:      13
> Task Category: None
> Level:         Error
> Keywords:      Classic
> User:          SYSTEM
> Computer:      DCITDCT01.mydomain.local
> Description:
> Certificate enrollment for Local system failed to enroll for a 
> DomainController certificate with request ID N/A from 
> DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA (The RPC server is 
> unavailable. 0x800706ba (WIN32: 1722)).
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>  <System>
>    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" 
> />
>    <EventID Qualifiers="49754">13</EventID>
>    <Version>0</Version>
>    <Level>2</Level>
>    <Task>0</Task>
>    <Opcode>0</Opcode>
>    <Keywords>0x80000000000000</Keywords>
>    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
>    <EventRecordID>2333</EventRecordID>
>    <Correlation />
>    <Execution ProcessID="0" ThreadID="0" />
>    <Channel>DCplication</Channel>
>    <Computer>DCITDCT01.mydomain.local</Computer>
>    <Security UserID="S-1-5-18" />
>  </System>
>  <EventData>
>    <Data Name="Context">Local system</Data>
>    <Data Name="TemplateName">DomainController</Data>
>    <Data 
> Name="RequestId">DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA</Data>
>    <Data Name="CA">N/A</Data>
>    <Data Name="ErrorCode">The RPC server is unavailable. 0x800706ba 
> (WIN32: 1722)</Data>
>  </EventData>
> </Event>
>
> Log Name:      DCplication
> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
> Date:          10.02.2010 05:41:26
> Event ID:      64
> Task Category: None
> Level:         Information
> Keywords:      Classic
> User:          SYSTEM
> Computer:      DCITDCT01.mydomain.local
> Description:
> Certificate enrollment for Local system successfully load policy from 
> policy server
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>  <System>
>    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" 
> />
>    <EventID Qualifiers="33370">64</EventID>
>    <Version>0</Version>
>    <Level>0</Level>
>    <Task>0</Task>
>    <Opcode>0</Opcode>
>    <Keywords>0x80000000000000</Keywords>
>    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
>    <EventRecordID>2332</EventRecordID>
>    <Correlation />
>    <Execution ProcessID="0" ThreadID="0" />
>    <Channel>DCplication</Channel>
>    <Computer>DCITDCT01.mydomain.local</Computer>
>    <Security UserID="S-1-5-18" />
>  </System>
>  <EventData>
>    <Data Name="Context">Local system</Data>
>    <Data Name="ServerID">
>    </Data>
>  </EventData>
> </Event>
>
> Log Name:      DCplication
> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
> Date:          10.02.2010 05:41:26
> Event ID:      65
> Task Category: None
> Level:         Information
> Keywords:      Classic
> User:          SYSTEM
> Computer:      DCITDCT01.mydomain.local
> Description:
> Certificate enrollment for Local system is successfully authenticated by 
> policy server {A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>  <System>
>    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" 
> />
>    <EventID Qualifiers="33370">65</EventID>
>    <Version>0</Version>
>    <Level>0</Level>
>    <Task>0</Task>
>    <Opcode>0</Opcode>
>    <Keywords>0x80000000000000</Keywords>
>    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
>    <EventRecordID>2331</EventRecordID>
>    <Correlation />
>    <Execution ProcessID="0" ThreadID="0" />
>    <Channel>DCplication</Channel>
>    <Computer>DCITDCT01.mydomain.local</Computer>
>    <Security UserID="S-1-5-18" />
>  </System>
>  <EventData>
>    <Data Name="Context">Local system</Data>
>    <Data Name="ServerURL">{A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}</Data>
>  </EventData>
> </Event>
>
> Log Name:      DCplication
> Source:        SceCli
> Date:          10.02.2010 03:11:30
> Event ID:      1704
> Task Category: None
> Level:         Information
> Keywords:      Classic
> User:          N/A
> Computer:      DCITDCT01.mydomain.local
> Description:
> Security policy in the Group policy objects has been DCplied successfully.
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>  <System>
>    <Provider Name="SceCli" />
>    <EventID Qualifiers="16384">1704</EventID>
>    <Level>4</Level>
>    <Task>0</Task>
>    <Keywords>0x80000000000000</Keywords>
>    <TimeCreated SystemTime="2010-02-10T02:11:30.000000000Z" />
>    <EventRecordID>2330</EventRecordID>
>    <Channel>DCplication</Channel>
>    <Computer>DCITDCT01.mydomain.local</Computer>
>    <Security />
>  </System>
>  <EventData>
>    <Data>
>    </Data>
>  </EventData>
> </Event>
>
> ---------------------------------------------------------------------------------------------------------------------------
>
> Here are my system log error :
>
> -----------------------------------------------------------------------------------------------------------------------------
>
> Log Name:      System
> Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
> Date:          10.02.2010 01:39:03
> Event ID:      29
> Task Category: None
> Level:         Warning
> Keywords:      Classic
> User:          N/A
> Computer:      DCITDCT01.mydomain.local
> Description:
> The Key Distribution Center (KDC) cannot find a suitable certificate to 
> use for smart card logons, or the KDC certificate could not be verified. 
> Smart card logon may not function correctly if this problem is not 
> resolved. To correct this problem, either verify the existing KDC 
> certificate using certutil.exe or enroll for a new KDC certificate.
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>  <System>
>    <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" 
> Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
>    <EventID Qualifiers="32768">29</EventID>
>    <Version>0</Version>
>    <Level>3</Level>
>    <Task>0</Task>
>    <Opcode>0</Opcode>
>    <Keywords>0x80000000000000</Keywords>
>    <TimeCreated SystemTime="2010-02-10T00:39:03.000000000Z" />
>    <EventRecordID>3205</EventRecordID>
>    <Correlation />
>    <Execution ProcessID="0" ThreadID="0" />
>    <Channel>System</Channel>
>    <Computer>DCITDCT01.mydomain.local</Computer>
>    <Security />
>  </System>
>  <EventData>
>  </EventData>
> </Event>
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------
>
> I don't have any other error except DFS Replication that I maid for remote 
> backup.
>
> Did you need more details or log?



Thank you for posting this info. All the errors indicate the CA is not 
resolvable or responding. Follow Jorge's suggestions.

Also, I was curious of this part, but I didn't see it in your response:

Can you connect to the CA using a browser? If you can, you can request a
cert.

https://dcshdct02
or
http://dcshdct02

Ace 


0
Ace
2/12/2010 5:07:39 AM
Ops, I also miss that important part about http; https access...

-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message 
news:uq#UOF6qKHA.4604@TK2MSFTNGP05.phx.gbl...
> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
> news:PtudnVYir6kY-O_WnZ2dnUVZ8vednZ2d@giganews.com...
>> Hello,
>>
>>
>> This is my ipconfig :
>>
>> ----------------------------------------------------------------------------------------------
>>
>> ipconfig /all
>>
>> Windows IP Configuration
>>
>>   Host Name . . . . . . . . . . . . : DCITDCT01
>>   Primary Dns Suffix  . . . . . . . : mydomain.local
>>   Node Type . . . . . . . . . . . . : Hybrid
>>   IP Routing Enabled. . . . . . . . : No
>>   WINS Proxy Enabled. . . . . . . . : No
>>   DNS Suffix Search List. . . . . . : mydomain.local
>>
>> Ethernet adDCter Local Area Connection:
>>
>>   Connection-specific DNS Suffix  . :
>>   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network 
>> Connection
>>   Physical Address. . . . . . . . . : 00-0C-29-72-A4-A4
>>   DHCP Enabled. . . . . . . . . . . : No
>>   Autoconfiguration Enabled . . . . : Yes
>>   IPv4 Address. . . . . . . . . . . : 192.168.11.14(Preferred)
>>   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>   Default Gateway . . . . . . . . . : 192.168.11.254
>>   DNS Servers . . . . . . . . . . . : 192.168.11.14
>>                                       192.168.30.2
>>                                       127.0.0.1
>>   NetBIOS over Tcpip. . . . . . . . : Enabled
>>
>> Tunnel adDCter isatDC.{6DE906DB-E4F6-45A1-A6D3-A5B10F2663BA}:
>>
>>   Media State . . . . . . . . . . . : Media disconnected
>>   Connection-specific DNS Suffix  . :
>>   Description . . . . . . . . . . . : Microsoft ISATDC AdDCter
>>   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>>   DHCP Enabled. . . . . . . . . . . : No
>>   Autoconfiguration Enabled . . . . : Yes
>>
>> Tunnel adDCter Local Area Connection* 11:
>>
>>   Media State . . . . . . . . . . . : Media disconnected
>>   Connection-specific DNS Suffix  . :
>>   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
>>   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>>   DHCP Enabled. . . . . . . . . . . : No
>>   Autoconfiguration Enabled . . . . : Yes
>>
>> -------------------------------------------------------------------------------------------------------------
>>
>> Here are my application log error :
>>
>> -------------------------------------------------------------------------------------------------------------
>>
>> Log Name:      DCplication
>> Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment
>> Date:          10.02.2010 05:42:07
>> Event ID:      6
>> Task Category: None
>> Level:         Error
>> Keywords:      Classic
>> User:          N/A
>> Computer:      DCITDCT01.mydomain.local
>> Description:
>> Automatic certificate enrollment for local system failed (0x800706ba) The 
>> RPC server is unavailable.
>> .
>> Event Xml:
>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>  <System>
>>    <Provider 
>> Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" 
>> Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" 
>> EventSourceName="AutoEnrollment" />
>>    <EventID Qualifiers="16384">6</EventID>
>>    <Version>0</Version>
>>    <Level>2</Level>
>>    <Task>0</Task>
>>    <Opcode>0</Opcode>
>>    <Keywords>0x80000000000000</Keywords>
>>    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
>>    <EventRecordID>2334</EventRecordID>
>>    <Correlation />
>>    <Execution ProcessID="0" ThreadID="0" />
>>    <Channel>DCplication</Channel>
>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>    <Security />
>>  </System>
>>  <EventData>
>>    <Data Name="Context">local system</Data>
>>    <Data Name="ErrorCode">0x800706ba</Data>
>>    <Data Name="ErrorMsg">The RPC server is unavailable.
>> </Data>
>>  </EventData>
>> </Event>
>>
>> Log Name:      DCplication
>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>> Date:          10.02.2010 05:42:07
>> Event ID:      13
>> Task Category: None
>> Level:         Error
>> Keywords:      Classic
>> User:          SYSTEM
>> Computer:      DCITDCT01.mydomain.local
>> Description:
>> Certificate enrollment for Local system failed to enroll for a 
>> DomainController certificate with request ID N/A from 
>> DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA (The RPC server is 
>> unavailable. 0x800706ba (WIN32: 1722)).
>> Event Xml:
>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>  <System>
>>    <Provider 
>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>> EventSourceName="CertEnroll" />
>>    <EventID Qualifiers="49754">13</EventID>
>>    <Version>0</Version>
>>    <Level>2</Level>
>>    <Task>0</Task>
>>    <Opcode>0</Opcode>
>>    <Keywords>0x80000000000000</Keywords>
>>    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
>>    <EventRecordID>2333</EventRecordID>
>>    <Correlation />
>>    <Execution ProcessID="0" ThreadID="0" />
>>    <Channel>DCplication</Channel>
>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>    <Security UserID="S-1-5-18" />
>>  </System>
>>  <EventData>
>>    <Data Name="Context">Local system</Data>
>>    <Data Name="TemplateName">DomainController</Data>
>>    <Data 
>> Name="RequestId">DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA</Data>
>>    <Data Name="CA">N/A</Data>
>>    <Data Name="ErrorCode">The RPC server is unavailable. 0x800706ba 
>> (WIN32: 1722)</Data>
>>  </EventData>
>> </Event>
>>
>> Log Name:      DCplication
>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>> Date:          10.02.2010 05:41:26
>> Event ID:      64
>> Task Category: None
>> Level:         Information
>> Keywords:      Classic
>> User:          SYSTEM
>> Computer:      DCITDCT01.mydomain.local
>> Description:
>> Certificate enrollment for Local system successfully load policy from 
>> policy server
>> Event Xml:
>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>  <System>
>>    <Provider 
>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>> EventSourceName="CertEnroll" />
>>    <EventID Qualifiers="33370">64</EventID>
>>    <Version>0</Version>
>>    <Level>0</Level>
>>    <Task>0</Task>
>>    <Opcode>0</Opcode>
>>    <Keywords>0x80000000000000</Keywords>
>>    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
>>    <EventRecordID>2332</EventRecordID>
>>    <Correlation />
>>    <Execution ProcessID="0" ThreadID="0" />
>>    <Channel>DCplication</Channel>
>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>    <Security UserID="S-1-5-18" />
>>  </System>
>>  <EventData>
>>    <Data Name="Context">Local system</Data>
>>    <Data Name="ServerID">
>>    </Data>
>>  </EventData>
>> </Event>
>>
>> Log Name:      DCplication
>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>> Date:          10.02.2010 05:41:26
>> Event ID:      65
>> Task Category: None
>> Level:         Information
>> Keywords:      Classic
>> User:          SYSTEM
>> Computer:      DCITDCT01.mydomain.local
>> Description:
>> Certificate enrollment for Local system is successfully authenticated by 
>> policy server {A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}
>> Event Xml:
>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>  <System>
>>    <Provider 
>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>> EventSourceName="CertEnroll" />
>>    <EventID Qualifiers="33370">65</EventID>
>>    <Version>0</Version>
>>    <Level>0</Level>
>>    <Task>0</Task>
>>    <Opcode>0</Opcode>
>>    <Keywords>0x80000000000000</Keywords>
>>    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
>>    <EventRecordID>2331</EventRecordID>
>>    <Correlation />
>>    <Execution ProcessID="0" ThreadID="0" />
>>    <Channel>DCplication</Channel>
>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>    <Security UserID="S-1-5-18" />
>>  </System>
>>  <EventData>
>>    <Data Name="Context">Local system</Data>
>>    <Data Name="ServerURL">{A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}</Data>
>>  </EventData>
>> </Event>
>>
>> Log Name:      DCplication
>> Source:        SceCli
>> Date:          10.02.2010 03:11:30
>> Event ID:      1704
>> Task Category: None
>> Level:         Information
>> Keywords:      Classic
>> User:          N/A
>> Computer:      DCITDCT01.mydomain.local
>> Description:
>> Security policy in the Group policy objects has been DCplied 
>> successfully.
>> Event Xml:
>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>  <System>
>>    <Provider Name="SceCli" />
>>    <EventID Qualifiers="16384">1704</EventID>
>>    <Level>4</Level>
>>    <Task>0</Task>
>>    <Keywords>0x80000000000000</Keywords>
>>    <TimeCreated SystemTime="2010-02-10T02:11:30.000000000Z" />
>>    <EventRecordID>2330</EventRecordID>
>>    <Channel>DCplication</Channel>
>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>    <Security />
>>  </System>
>>  <EventData>
>>    <Data>
>>    </Data>
>>  </EventData>
>> </Event>
>>
>> ---------------------------------------------------------------------------------------------------------------------------
>>
>> Here are my system log error :
>>
>> -----------------------------------------------------------------------------------------------------------------------------
>>
>> Log Name:      System
>> Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
>> Date:          10.02.2010 01:39:03
>> Event ID:      29
>> Task Category: None
>> Level:         Warning
>> Keywords:      Classic
>> User:          N/A
>> Computer:      DCITDCT01.mydomain.local
>> Description:
>> The Key Distribution Center (KDC) cannot find a suitable certificate to 
>> use for smart card logons, or the KDC certificate could not be verified. 
>> Smart card logon may not function correctly if this problem is not 
>> resolved. To correct this problem, either verify the existing KDC 
>> certificate using certutil.exe or enroll for a new KDC certificate.
>> Event Xml:
>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>  <System>
>>    <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" 
>> Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
>>    <EventID Qualifiers="32768">29</EventID>
>>    <Version>0</Version>
>>    <Level>3</Level>
>>    <Task>0</Task>
>>    <Opcode>0</Opcode>
>>    <Keywords>0x80000000000000</Keywords>
>>    <TimeCreated SystemTime="2010-02-10T00:39:03.000000000Z" />
>>    <EventRecordID>3205</EventRecordID>
>>    <Correlation />
>>    <Execution ProcessID="0" ThreadID="0" />
>>    <Channel>System</Channel>
>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>    <Security />
>>  </System>
>>  <EventData>
>>  </EventData>
>> </Event>
>>
>> ----------------------------------------------------------------------------------------------------------------------------------------------------------
>>
>> I don't have any other error except DFS Replication that I maid for 
>> remote backup.
>>
>> Did you need more details or log?
>
>
>
> Thank you for posting this info. All the errors indicate the CA is not 
> resolvable or responding. Follow Jorge's suggestions.
>
> Also, I was curious of this part, but I didn't see it in your response:
>
> Can you connect to the CA using a browser? If you can, you can request a
> cert.
>
> https://dcshdct02
> or
> http://dcshdct02
>
> Ace
> 
0
Jorge
2/13/2010 11:36:28 PM
"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
news:15204AD8-4F67-4E61-A811-FF63B304EFF3@microsoft.com...

I figured that would be the easiest way to tell if it's working. :-)

Ace


> Ops, I also miss that important part about http; https access...
>
> -- 
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
>
>
>
>
> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
> message news:uq#UOF6qKHA.4604@TK2MSFTNGP05.phx.gbl...
>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>> news:PtudnVYir6kY-O_WnZ2dnUVZ8vednZ2d@giganews.com...
>>> Hello,
>>>
>>>
>>> This is my ipconfig :
>>>
>>> ----------------------------------------------------------------------------------------------
>>>
>>> ipconfig /all
>>>
>>> Windows IP Configuration
>>>
>>>   Host Name . . . . . . . . . . . . : DCITDCT01
>>>   Primary Dns Suffix  . . . . . . . : mydomain.local
>>>   Node Type . . . . . . . . . . . . : Hybrid
>>>   IP Routing Enabled. . . . . . . . : No
>>>   WINS Proxy Enabled. . . . . . . . : No
>>>   DNS Suffix Search List. . . . . . : mydomain.local
>>>
>>> Ethernet adDCter Local Area Connection:
>>>
>>>   Connection-specific DNS Suffix  . :
>>>   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network 
>>> Connection
>>>   Physical Address. . . . . . . . . : 00-0C-29-72-A4-A4
>>>   DHCP Enabled. . . . . . . . . . . : No
>>>   Autoconfiguration Enabled . . . . : Yes
>>>   IPv4 Address. . . . . . . . . . . : 192.168.11.14(Preferred)
>>>   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>   Default Gateway . . . . . . . . . : 192.168.11.254
>>>   DNS Servers . . . . . . . . . . . : 192.168.11.14
>>>                                       192.168.30.2
>>>                                       127.0.0.1
>>>   NetBIOS over Tcpip. . . . . . . . : Enabled
>>>
>>> Tunnel adDCter isatDC.{6DE906DB-E4F6-45A1-A6D3-A5B10F2663BA}:
>>>
>>>   Media State . . . . . . . . . . . : Media disconnected
>>>   Connection-specific DNS Suffix  . :
>>>   Description . . . . . . . . . . . : Microsoft ISATDC AdDCter
>>>   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>>>   DHCP Enabled. . . . . . . . . . . : No
>>>   Autoconfiguration Enabled . . . . : Yes
>>>
>>> Tunnel adDCter Local Area Connection* 11:
>>>
>>>   Media State . . . . . . . . . . . : Media disconnected
>>>   Connection-specific DNS Suffix  . :
>>>   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
>>>   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>>>   DHCP Enabled. . . . . . . . . . . : No
>>>   Autoconfiguration Enabled . . . . : Yes
>>>
>>> -------------------------------------------------------------------------------------------------------------
>>>
>>> Here are my application log error :
>>>
>>> -------------------------------------------------------------------------------------------------------------
>>>
>>> Log Name:      DCplication
>>> Source: 
>>> Microsoft-Windows-CertificateServicesClient-AutoEnrollment
>>> Date:          10.02.2010 05:42:07
>>> Event ID:      6
>>> Task Category: None
>>> Level:         Error
>>> Keywords:      Classic
>>> User:          N/A
>>> Computer:      DCITDCT01.mydomain.local
>>> Description:
>>> Automatic certificate enrollment for local system failed (0x800706ba) 
>>> The RPC server is unavailable.
>>> .
>>> Event Xml:
>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>  <System>
>>>    <Provider 
>>> Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" 
>>> Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" 
>>> EventSourceName="AutoEnrollment" />
>>>    <EventID Qualifiers="16384">6</EventID>
>>>    <Version>0</Version>
>>>    <Level>2</Level>
>>>    <Task>0</Task>
>>>    <Opcode>0</Opcode>
>>>    <Keywords>0x80000000000000</Keywords>
>>>    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
>>>    <EventRecordID>2334</EventRecordID>
>>>    <Correlation />
>>>    <Execution ProcessID="0" ThreadID="0" />
>>>    <Channel>DCplication</Channel>
>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>    <Security />
>>>  </System>
>>>  <EventData>
>>>    <Data Name="Context">local system</Data>
>>>    <Data Name="ErrorCode">0x800706ba</Data>
>>>    <Data Name="ErrorMsg">The RPC server is unavailable.
>>> </Data>
>>>  </EventData>
>>> </Event>
>>>
>>> Log Name:      DCplication
>>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>>> Date:          10.02.2010 05:42:07
>>> Event ID:      13
>>> Task Category: None
>>> Level:         Error
>>> Keywords:      Classic
>>> User:          SYSTEM
>>> Computer:      DCITDCT01.mydomain.local
>>> Description:
>>> Certificate enrollment for Local system failed to enroll for a 
>>> DomainController certificate with request ID N/A from 
>>> DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA (The RPC server is 
>>> unavailable. 0x800706ba (WIN32: 1722)).
>>> Event Xml:
>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>  <System>
>>>    <Provider 
>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>>> EventSourceName="CertEnroll" />
>>>    <EventID Qualifiers="49754">13</EventID>
>>>    <Version>0</Version>
>>>    <Level>2</Level>
>>>    <Task>0</Task>
>>>    <Opcode>0</Opcode>
>>>    <Keywords>0x80000000000000</Keywords>
>>>    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
>>>    <EventRecordID>2333</EventRecordID>
>>>    <Correlation />
>>>    <Execution ProcessID="0" ThreadID="0" />
>>>    <Channel>DCplication</Channel>
>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>    <Security UserID="S-1-5-18" />
>>>  </System>
>>>  <EventData>
>>>    <Data Name="Context">Local system</Data>
>>>    <Data Name="TemplateName">DomainController</Data>
>>>    <Data 
>>> Name="RequestId">DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA</Data>
>>>    <Data Name="CA">N/A</Data>
>>>    <Data Name="ErrorCode">The RPC server is unavailable. 0x800706ba 
>>> (WIN32: 1722)</Data>
>>>  </EventData>
>>> </Event>
>>>
>>> Log Name:      DCplication
>>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>>> Date:          10.02.2010 05:41:26
>>> Event ID:      64
>>> Task Category: None
>>> Level:         Information
>>> Keywords:      Classic
>>> User:          SYSTEM
>>> Computer:      DCITDCT01.mydomain.local
>>> Description:
>>> Certificate enrollment for Local system successfully load policy from 
>>> policy server
>>> Event Xml:
>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>  <System>
>>>    <Provider 
>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>>> EventSourceName="CertEnroll" />
>>>    <EventID Qualifiers="33370">64</EventID>
>>>    <Version>0</Version>
>>>    <Level>0</Level>
>>>    <Task>0</Task>
>>>    <Opcode>0</Opcode>
>>>    <Keywords>0x80000000000000</Keywords>
>>>    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
>>>    <EventRecordID>2332</EventRecordID>
>>>    <Correlation />
>>>    <Execution ProcessID="0" ThreadID="0" />
>>>    <Channel>DCplication</Channel>
>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>    <Security UserID="S-1-5-18" />
>>>  </System>
>>>  <EventData>
>>>    <Data Name="Context">Local system</Data>
>>>    <Data Name="ServerID">
>>>    </Data>
>>>  </EventData>
>>> </Event>
>>>
>>> Log Name:      DCplication
>>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>>> Date:          10.02.2010 05:41:26
>>> Event ID:      65
>>> Task Category: None
>>> Level:         Information
>>> Keywords:      Classic
>>> User:          SYSTEM
>>> Computer:      DCITDCT01.mydomain.local
>>> Description:
>>> Certificate enrollment for Local system is successfully authenticated by 
>>> policy server {A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}
>>> Event Xml:
>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>  <System>
>>>    <Provider 
>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>>> EventSourceName="CertEnroll" />
>>>    <EventID Qualifiers="33370">65</EventID>
>>>    <Version>0</Version>
>>>    <Level>0</Level>
>>>    <Task>0</Task>
>>>    <Opcode>0</Opcode>
>>>    <Keywords>0x80000000000000</Keywords>
>>>    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
>>>    <EventRecordID>2331</EventRecordID>
>>>    <Correlation />
>>>    <Execution ProcessID="0" ThreadID="0" />
>>>    <Channel>DCplication</Channel>
>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>    <Security UserID="S-1-5-18" />
>>>  </System>
>>>  <EventData>
>>>    <Data Name="Context">Local system</Data>
>>>    <Data Name="ServerURL">{A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}</Data>
>>>  </EventData>
>>> </Event>
>>>
>>> Log Name:      DCplication
>>> Source:        SceCli
>>> Date:          10.02.2010 03:11:30
>>> Event ID:      1704
>>> Task Category: None
>>> Level:         Information
>>> Keywords:      Classic
>>> User:          N/A
>>> Computer:      DCITDCT01.mydomain.local
>>> Description:
>>> Security policy in the Group policy objects has been DCplied 
>>> successfully.
>>> Event Xml:
>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>  <System>
>>>    <Provider Name="SceCli" />
>>>    <EventID Qualifiers="16384">1704</EventID>
>>>    <Level>4</Level>
>>>    <Task>0</Task>
>>>    <Keywords>0x80000000000000</Keywords>
>>>    <TimeCreated SystemTime="2010-02-10T02:11:30.000000000Z" />
>>>    <EventRecordID>2330</EventRecordID>
>>>    <Channel>DCplication</Channel>
>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>    <Security />
>>>  </System>
>>>  <EventData>
>>>    <Data>
>>>    </Data>
>>>  </EventData>
>>> </Event>
>>>
>>> ---------------------------------------------------------------------------------------------------------------------------
>>>
>>> Here are my system log error :
>>>
>>> -----------------------------------------------------------------------------------------------------------------------------
>>>
>>> Log Name:      System
>>> Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
>>> Date:          10.02.2010 01:39:03
>>> Event ID:      29
>>> Task Category: None
>>> Level:         Warning
>>> Keywords:      Classic
>>> User:          N/A
>>> Computer:      DCITDCT01.mydomain.local
>>> Description:
>>> The Key Distribution Center (KDC) cannot find a suitable certificate to 
>>> use for smart card logons, or the KDC certificate could not be verified. 
>>> Smart card logon may not function correctly if this problem is not 
>>> resolved. To correct this problem, either verify the existing KDC 
>>> certificate using certutil.exe or enroll for a new KDC certificate.
>>> Event Xml:
>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>  <System>
>>>    <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" 
>>> Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
>>>    <EventID Qualifiers="32768">29</EventID>
>>>    <Version>0</Version>
>>>    <Level>3</Level>
>>>    <Task>0</Task>
>>>    <Opcode>0</Opcode>
>>>    <Keywords>0x80000000000000</Keywords>
>>>    <TimeCreated SystemTime="2010-02-10T00:39:03.000000000Z" />
>>>    <EventRecordID>3205</EventRecordID>
>>>    <Correlation />
>>>    <Execution ProcessID="0" ThreadID="0" />
>>>    <Channel>System</Channel>
>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>    <Security />
>>>  </System>
>>>  <EventData>
>>>  </EventData>
>>> </Event>
>>>
>>> ----------------------------------------------------------------------------------------------------------------------------------------------------------
>>>
>>> I don't have any other error except DFS Replication that I maid for 
>>> remote backup.
>>>
>>> Did you need more details or log?
>>
>>
>>
>> Thank you for posting this info. All the errors indicate the CA is not 
>> resolvable or responding. Follow Jorge's suggestions.
>>
>> Also, I was curious of this part, but I didn't see it in your response:
>>
>> Can you connect to the CA using a browser? If you can, you can request a
>> cert.
>>
>> https://dcshdct02
>> or
>> http://dcshdct02
>>
>> Ace
>>



0
Ace
2/14/2010 7:23:34 AM
Hello,

To answer your question, I can access to http://dcshdct02/certsrv but not 
the https://dcshdct02/certsrv

I already try to request a cert but I don't see any domain cert!

I see a strange behavior. If I connect to the a dc with my administrator 
login then try to connect to the url : http://dcshdct02/certsrv I see 
directly the web page.

But if I try this on the dcitdct01, I need to enter my credential info! May 
be it's could be the problem!

Have you any idea


"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message 
news:Oy7EfaUrKHA.3344@TK2MSFTNGP06.phx.gbl...
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
> news:15204AD8-4F67-4E61-A811-FF63B304EFF3@microsoft.com...
>
> I figured that would be the easiest way to tell if it's working. :-)
>
> Ace
>
>
>> Ops, I also miss that important part about http; https access...
>>
>> -- 
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>>
>>
>>
>>
>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
>> message news:uq#UOF6qKHA.4604@TK2MSFTNGP05.phx.gbl...
>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>> news:PtudnVYir6kY-O_WnZ2dnUVZ8vednZ2d@giganews.com...
>>>> Hello,
>>>>
>>>>
>>>> This is my ipconfig :
>>>>
>>>> ----------------------------------------------------------------------------------------------
>>>>
>>>> ipconfig /all
>>>>
>>>> Windows IP Configuration
>>>>
>>>>   Host Name . . . . . . . . . . . . : DCITDCT01
>>>>   Primary Dns Suffix  . . . . . . . : mydomain.local
>>>>   Node Type . . . . . . . . . . . . : Hybrid
>>>>   IP Routing Enabled. . . . . . . . : No
>>>>   WINS Proxy Enabled. . . . . . . . : No
>>>>   DNS Suffix Search List. . . . . . : mydomain.local
>>>>
>>>> Ethernet adDCter Local Area Connection:
>>>>
>>>>   Connection-specific DNS Suffix  . :
>>>>   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network 
>>>> Connection
>>>>   Physical Address. . . . . . . . . : 00-0C-29-72-A4-A4
>>>>   DHCP Enabled. . . . . . . . . . . : No
>>>>   Autoconfiguration Enabled . . . . : Yes
>>>>   IPv4 Address. . . . . . . . . . . : 192.168.11.14(Preferred)
>>>>   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>   Default Gateway . . . . . . . . . : 192.168.11.254
>>>>   DNS Servers . . . . . . . . . . . : 192.168.11.14
>>>>                                       192.168.30.2
>>>>                                       127.0.0.1
>>>>   NetBIOS over Tcpip. . . . . . . . : Enabled
>>>>
>>>> Tunnel adDCter isatDC.{6DE906DB-E4F6-45A1-A6D3-A5B10F2663BA}:
>>>>
>>>>   Media State . . . . . . . . . . . : Media disconnected
>>>>   Connection-specific DNS Suffix  . :
>>>>   Description . . . . . . . . . . . : Microsoft ISATDC AdDCter
>>>>   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>>>>   DHCP Enabled. . . . . . . . . . . : No
>>>>   Autoconfiguration Enabled . . . . : Yes
>>>>
>>>> Tunnel adDCter Local Area Connection* 11:
>>>>
>>>>   Media State . . . . . . . . . . . : Media disconnected
>>>>   Connection-specific DNS Suffix  . :
>>>>   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
>>>>   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>>>>   DHCP Enabled. . . . . . . . . . . : No
>>>>   Autoconfiguration Enabled . . . . : Yes
>>>>
>>>> -------------------------------------------------------------------------------------------------------------
>>>>
>>>> Here are my application log error :
>>>>
>>>> -------------------------------------------------------------------------------------------------------------
>>>>
>>>> Log Name:      DCplication
>>>> Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
>>>> Date:          10.02.2010 05:42:07
>>>> Event ID:      6
>>>> Task Category: None
>>>> Level:         Error
>>>> Keywords:      Classic
>>>> User:          N/A
>>>> Computer:      DCITDCT01.mydomain.local
>>>> Description:
>>>> Automatic certificate enrollment for local system failed (0x800706ba) 
>>>> The RPC server is unavailable.
>>>> .
>>>> Event Xml:
>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>  <System>
>>>>    <Provider 
>>>> Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" 
>>>> Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" 
>>>> EventSourceName="AutoEnrollment" />
>>>>    <EventID Qualifiers="16384">6</EventID>
>>>>    <Version>0</Version>
>>>>    <Level>2</Level>
>>>>    <Task>0</Task>
>>>>    <Opcode>0</Opcode>
>>>>    <Keywords>0x80000000000000</Keywords>
>>>>    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
>>>>    <EventRecordID>2334</EventRecordID>
>>>>    <Correlation />
>>>>    <Execution ProcessID="0" ThreadID="0" />
>>>>    <Channel>DCplication</Channel>
>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>    <Security />
>>>>  </System>
>>>>  <EventData>
>>>>    <Data Name="Context">local system</Data>
>>>>    <Data Name="ErrorCode">0x800706ba</Data>
>>>>    <Data Name="ErrorMsg">The RPC server is unavailable.
>>>> </Data>
>>>>  </EventData>
>>>> </Event>
>>>>
>>>> Log Name:      DCplication
>>>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>>>> Date:          10.02.2010 05:42:07
>>>> Event ID:      13
>>>> Task Category: None
>>>> Level:         Error
>>>> Keywords:      Classic
>>>> User:          SYSTEM
>>>> Computer:      DCITDCT01.mydomain.local
>>>> Description:
>>>> Certificate enrollment for Local system failed to enroll for a 
>>>> DomainController certificate with request ID N/A from 
>>>> DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA (The RPC server is 
>>>> unavailable. 0x800706ba (WIN32: 1722)).
>>>> Event Xml:
>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>  <System>
>>>>    <Provider 
>>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>>>> EventSourceName="CertEnroll" />
>>>>    <EventID Qualifiers="49754">13</EventID>
>>>>    <Version>0</Version>
>>>>    <Level>2</Level>
>>>>    <Task>0</Task>
>>>>    <Opcode>0</Opcode>
>>>>    <Keywords>0x80000000000000</Keywords>
>>>>    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
>>>>    <EventRecordID>2333</EventRecordID>
>>>>    <Correlation />
>>>>    <Execution ProcessID="0" ThreadID="0" />
>>>>    <Channel>DCplication</Channel>
>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>    <Security UserID="S-1-5-18" />
>>>>  </System>
>>>>  <EventData>
>>>>    <Data Name="Context">Local system</Data>
>>>>    <Data Name="TemplateName">DomainController</Data>
>>>>    <Data 
>>>> Name="RequestId">DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA</Data>
>>>>    <Data Name="CA">N/A</Data>
>>>>    <Data Name="ErrorCode">The RPC server is unavailable. 0x800706ba 
>>>> (WIN32: 1722)</Data>
>>>>  </EventData>
>>>> </Event>
>>>>
>>>> Log Name:      DCplication
>>>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>>>> Date:          10.02.2010 05:41:26
>>>> Event ID:      64
>>>> Task Category: None
>>>> Level:         Information
>>>> Keywords:      Classic
>>>> User:          SYSTEM
>>>> Computer:      DCITDCT01.mydomain.local
>>>> Description:
>>>> Certificate enrollment for Local system successfully load policy from 
>>>> policy server
>>>> Event Xml:
>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>  <System>
>>>>    <Provider 
>>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>>>> EventSourceName="CertEnroll" />
>>>>    <EventID Qualifiers="33370">64</EventID>
>>>>    <Version>0</Version>
>>>>    <Level>0</Level>
>>>>    <Task>0</Task>
>>>>    <Opcode>0</Opcode>
>>>>    <Keywords>0x80000000000000</Keywords>
>>>>    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
>>>>    <EventRecordID>2332</EventRecordID>
>>>>    <Correlation />
>>>>    <Execution ProcessID="0" ThreadID="0" />
>>>>    <Channel>DCplication</Channel>
>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>    <Security UserID="S-1-5-18" />
>>>>  </System>
>>>>  <EventData>
>>>>    <Data Name="Context">Local system</Data>
>>>>    <Data Name="ServerID">
>>>>    </Data>
>>>>  </EventData>
>>>> </Event>
>>>>
>>>> Log Name:      DCplication
>>>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>>>> Date:          10.02.2010 05:41:26
>>>> Event ID:      65
>>>> Task Category: None
>>>> Level:         Information
>>>> Keywords:      Classic
>>>> User:          SYSTEM
>>>> Computer:      DCITDCT01.mydomain.local
>>>> Description:
>>>> Certificate enrollment for Local system is successfully authenticated 
>>>> by policy server {A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}
>>>> Event Xml:
>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>  <System>
>>>>    <Provider 
>>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>>>> EventSourceName="CertEnroll" />
>>>>    <EventID Qualifiers="33370">65</EventID>
>>>>    <Version>0</Version>
>>>>    <Level>0</Level>
>>>>    <Task>0</Task>
>>>>    <Opcode>0</Opcode>
>>>>    <Keywords>0x80000000000000</Keywords>
>>>>    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
>>>>    <EventRecordID>2331</EventRecordID>
>>>>    <Correlation />
>>>>    <Execution ProcessID="0" ThreadID="0" />
>>>>    <Channel>DCplication</Channel>
>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>    <Security UserID="S-1-5-18" />
>>>>  </System>
>>>>  <EventData>
>>>>    <Data Name="Context">Local system</Data>
>>>>    <Data Name="ServerURL">{A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}</Data>
>>>>  </EventData>
>>>> </Event>
>>>>
>>>> Log Name:      DCplication
>>>> Source:        SceCli
>>>> Date:          10.02.2010 03:11:30
>>>> Event ID:      1704
>>>> Task Category: None
>>>> Level:         Information
>>>> Keywords:      Classic
>>>> User:          N/A
>>>> Computer:      DCITDCT01.mydomain.local
>>>> Description:
>>>> Security policy in the Group policy objects has been DCplied 
>>>> successfully.
>>>> Event Xml:
>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>  <System>
>>>>    <Provider Name="SceCli" />
>>>>    <EventID Qualifiers="16384">1704</EventID>
>>>>    <Level>4</Level>
>>>>    <Task>0</Task>
>>>>    <Keywords>0x80000000000000</Keywords>
>>>>    <TimeCreated SystemTime="2010-02-10T02:11:30.000000000Z" />
>>>>    <EventRecordID>2330</EventRecordID>
>>>>    <Channel>DCplication</Channel>
>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>    <Security />
>>>>  </System>
>>>>  <EventData>
>>>>    <Data>
>>>>    </Data>
>>>>  </EventData>
>>>> </Event>
>>>>
>>>> ---------------------------------------------------------------------------------------------------------------------------
>>>>
>>>> Here are my system log error :
>>>>
>>>> -----------------------------------------------------------------------------------------------------------------------------
>>>>
>>>> Log Name:      System
>>>> Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
>>>> Date:          10.02.2010 01:39:03
>>>> Event ID:      29
>>>> Task Category: None
>>>> Level:         Warning
>>>> Keywords:      Classic
>>>> User:          N/A
>>>> Computer:      DCITDCT01.mydomain.local
>>>> Description:
>>>> The Key Distribution Center (KDC) cannot find a suitable certificate to 
>>>> use for smart card logons, or the KDC certificate could not be 
>>>> verified. Smart card logon may not function correctly if this problem 
>>>> is not resolved. To correct this problem, either verify the existing 
>>>> KDC certificate using certutil.exe or enroll for a new KDC certificate.
>>>> Event Xml:
>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>  <System>
>>>>    <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" 
>>>> Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
>>>>    <EventID Qualifiers="32768">29</EventID>
>>>>    <Version>0</Version>
>>>>    <Level>3</Level>
>>>>    <Task>0</Task>
>>>>    <Opcode>0</Opcode>
>>>>    <Keywords>0x80000000000000</Keywords>
>>>>    <TimeCreated SystemTime="2010-02-10T00:39:03.000000000Z" />
>>>>    <EventRecordID>3205</EventRecordID>
>>>>    <Correlation />
>>>>    <Execution ProcessID="0" ThreadID="0" />
>>>>    <Channel>System</Channel>
>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>    <Security />
>>>>  </System>
>>>>  <EventData>
>>>>  </EventData>
>>>> </Event>
>>>>
>>>> ----------------------------------------------------------------------------------------------------------------------------------------------------------
>>>>
>>>> I don't have any other error except DFS Replication that I maid for 
>>>> remote backup.
>>>>
>>>> Did you need more details or log?
>>>
>>>
>>>
>>> Thank you for posting this info. All the errors indicate the CA is not 
>>> resolvable or responding. Follow Jorge's suggestions.
>>>
>>> Also, I was curious of this part, but I didn't see it in your response:
>>>
>>> Can you connect to the CA using a browser? If you can, you can request a
>>> cert.
>>>
>>> https://dcshdct02
>>> or
>>> http://dcshdct02
>>>
>>> Ace
>>>
>
>
> 
0
Julien
2/15/2010 8:10:31 AM
I do exacly what you say. But I have always the two errors :

First :

Certificate enrollment for Local system failed to enroll for a 
DomainController certificate with request ID N/A from 
APSHDCT02.audemarspiguet.local\audemarspiguet-APSHDCT02-CA (The RPC server 
is unavailable. 0x800706ba (WIN32: 1722)).

Second :

Automatic certificate enrollment for local system failed (0x800706ba) The 
RPC server is unavailable.



"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
news:325A4C22-8662-431E-820A-E0BC2B8D9A90@microsoft.com...
> Hold on...
> If you're going to reboot the CA...
> 1St the CA, after the CA is up, do 2 reboots with a logon between them on 
> the DC.
>
> -- 
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
>
>
>
>
> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
> news:T5idndaKfvbpQ-7WnZ2dnUVZ8vOdnZ2d@giganews.com...
>>> - Did you also test SMB from the CA to the DC?
>>
>> Yes, I do
>>
>>> - Can you ping from both sides (DC and CA) to each other?
>>
>> Yes, I can
>>
>>> - Did you already reboot the DC 2?
>>
>> I have palnned to reboot my dc and the ca this night.
>>
>>
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>> news:7B115C84-012E-4397-8F34-ECAC27074558@microsoft.com...
>>> Ok,
>>> - Did you also test SMB from the CA to the DC?
>>> - Can you ping from both sides (DC and CA) to each other?
>>> - Did you already reboot the DC 2?
>>>
>>> -- 
>>>
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>>
>>> Jorge Silva
>>> MVP Directory Services
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no 
>>> rights.
>>>
>>>
>>>
>>>
>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>> news:05mdnTtB8_9hLe_WnZ2dnUVZ8qSdnZ2d@giganews.com...
>>>> ok simple 127.0.0.1 I have delete ... I don't know why is here.
>>>>
>>>> 192.168.30.2 is my central site and my fist DC on my domain.
>>>>
>>>> I have a lot of site and this address is the ranch for my central 
>>>> offices.
>>>>
>>>>
>>>>
>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>>> news:D574EA20-F3DB-4511-880C-944F7D1BF4A9@microsoft.com...
>>>>> Ok, do that, can you also explain these 2 DNS entries:
>>>>>                                       192.168.30.2
>>>>>                                       127.0.0.1
>>>>>
>>>>> -- 
>>>>>
>>>>> I hope that the information above helps you.
>>>>> Have a Nice day.
>>>>>
>>>>> Jorge Silva
>>>>> MVP Directory Services
>>>>>
>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>>> rights.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>>> news:df2dnTJWt_Wr-u_WnZ2dnUVZ8qGdnZ2d@giganews.com...
>>>>>> Hello,
>>>>>>
>>>>>>> Did you test SMB from that DC?
>>>>>>
>>>>>> Yes, I did. I test smb connection form and to my dc.
>>>>>>
>>>>>>> IS that DC passing through ISA?
>>>>>>
>>>>>> No, we don't use ISA!
>>>>>>
>>>>>>>You may need to reboot the DC twice
>>>>>>
>>>>>> I'll try this, this night, but if I remember well I already reboot it 
>>>>>> more thant twice.
>>>>>>
>>>>>>
>>>>>> Julien
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>>>>> news:76D3BF28-7F66-4CB0-A72A-94928CFFE8AC@microsoft.com...
>>>>>>> Is the CA service started?
>>>>>>> Did you test SMB from that DC?
>>>>>>> IS that DC passing through ISA? IF yes, can you disable the RPC 
>>>>>>> filter for that rule and test again? You may need to reboot the DC 
>>>>>>> twice until that error goes away.
>>>>>>>
>>>>>>> -- 
>>>>>>>
>>>>>>> I hope that the information above helps you.
>>>>>>> Have a Nice day.
>>>>>>>
>>>>>>> Jorge Silva
>>>>>>> MVP Directory Services
>>>>>>>
>>>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>>>> This posting is provided "AS IS" with no warranties, and confers no 
>>>>>>> rights.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>>>>> news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I can do a SMB connection but I don't have the certificate.
>>>>>>>>
>>>>>>>> Can any body help me to resolve this issue?
>>>>>>>>
>>>>>>>> Julien
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>>>>>>>> news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
>>>>>>>>> Hi
>>>>>>>>> Yes, test the connection using \\dcshdct02
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -- 
>>>>>>>>>
>>>>>>>>> I hope that the information above helps you.
>>>>>>>>> Have a Nice day.
>>>>>>>>>
>>>>>>>>> Jorge Silva
>>>>>>>>> MVP Directory Services
>>>>>>>>>
>>>>>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>>>>>> This posting is provided "AS IS" with no warranties, and confers 
>>>>>>>>> no rights.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>>>>>>> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> In fact, the computer name is dcshdct02, but if I open the 
>>>>>>>>>> certification authority MMC, the name of the server is : 
>>>>>>>>>> mydomain-DCSHDCT02-CA.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote 
>>>>>>>>>> in message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
>>>>>>>>>>> "Julien" <jithurbide@removegmail.com> wrote in message 
>>>>>>>>>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl...
>>>>>>>>>>>> Hello,
>>>>>>>>>>>>
>>>>>>>>>>>> You say :
>>>>>>>>>>>>
>>>>>>>>>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from 
>>>>>>>>>>>>> that DC.
>>>>>>>>>>>>
>>>>>>>>>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the 
>>>>>>>>>>>> name I can see on the Certification authority MMC?
>>>>>>>>>>>>
>>>>>>>>>>>> I can browse the CA with the comupter name \\dcshdct02 but not 
>>>>>>>>>>>> the name I see on the CA MMC.
>>>>>>>>>>>>
>>>>>>>>>>>> Julien
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> The CAName is the computer name of your CA (Certificate 
>>>>>>>>>>> Authority) server.
>>>>>>>>>>>
>>>>>>>>>>> Is dcshdct02 the name of the CA? If so, what do you mean by 
>>>>>>>>>>> can't browse by the name in the CA MMC console? what name is 
>>>>>>>>>>> that?
>>>>>>>>>>>
>>>>>>>>>>> Ace
>>>>>>>>>>> 
0
Julien
2/15/2010 8:21:30 AM
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:d9OdnY88GdDlnOTWnZ2dnUVZ8kmdnZ2d@giganews.com...
>
> Hello,
>
> To answer your question, I can access to http://dcshdct02/certsrv but not 
> the https://dcshdct02/certsrv
>
> I already try to request a cert but I don't see any domain cert!
>
> I see a strange behavior. If I connect to the a dc with my administrator 
> login then try to connect to the url : http://dcshdct02/certsrv I see 
> directly the web page.
>
> But if I try this on the dcitdct01, I need to enter my credential info! 
> May be it's could be the problem!
>
> Have you any idea
>
>

Using the URL with the NetBIOS name while logged on as Domain Admin, you 
should immediately get the page without logging on. This is the Windows 
Authentication portion doing it in IIS. Now if you are getting prompted from 
the other DC, then something else is going on. But if you don't see a domain 
cert, and I can't remember if that is normal or not since it should 
automatically be enrolled using your GPO policy, it may be indicative of a 
CA misonfiguration when you set it up.

What article or publication did you follow to set this all up?

Due to the many pieces of a CA, autoenrollment, etc, it would be quite a bit 
of effort to go through what steps you took to install the CA and configure 
the GPO, how you setup permissions on the template, and other specifics. 
Maybe I can offer the following links. I hope they help.

Certificate Autoenrollment in Windows Server 2003Supported Hardware 
(Certificate Autoenrollment in Windows Server 2003) ... Configuring Group 
Policy � User Autoenrollment � Certificate Renewal ...
http://technet.microsoft.com/en-us/library/cc778954(WS.10).aspx

Install Windows Server 2003 CAHow can I install the Certificate Authority 
(CA) service in Windows Server 2003? Windows Server 2003 can be used as a 
Certificate Authority (also known as.
http://www.petri.co.il/install_windows_server_2003_ca.htm

Installing and Configuring Windows Server 2003 Enterprise ...Installing and 
Configuring Windows Server 2003 Enterprise Certification Authority. Topic 
Last Modified: 2005-05-19. The first step in setting up your lab is ...
http://technet.microsoft.com/en-us/library/aa998956(EXCHG.65).aspx

How can I enable digital certificate autoenrollment in Windows ... (Brief 
overview)
Dec 5, 2005 ... A. Autoenrollment is available to Windows 2003 and Windows 
XP domain ... Next you need to enable the Group Policy for the 
autoenrollment. ... (You can also view Failed Requests in the Certificate 
Authority MMC snap-in. ...
http://windowsitpro.com/article/articleid/48665/how-can-i-enable-digital-certificate-autoenrollment-in-windows-server-2003.html

Alex Tcherniakhovski - Security : Certificate auto-enrollment ...Jul 3, 2007 
.... For the most part configuring certificate auto-enrollment is a fairly 
.... but require CA to be running on Windows 2003 Server Enterprise Edition. 
.... In the GPO where the hosts reside configure the following setting ...
http://blogs.msdn.com/alextch/archive/2007/07/03/certautoenroll.aspx

Ace 


0
Ace
2/15/2010 2:01:40 PM
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:d9OdnY88GdDlnOTWnZ2dnUVZ8kmdnZ2d@giganews.com...
>
> Hello,
>
> To answer your question, I can access to http://dcshdct02/certsrv but not 
> the https://dcshdct02/certsrv
>
> I already try to request a cert but I don't see any domain cert!
>
> I see a strange behavior. If I connect to the a dc with my administrator 
> login then try to connect to the url : http://dcshdct02/certsrv I see 
> directly the web page.
>
> But if I try this on the dcitdct01, I need to enter my credential info! 
> May be it's could be the problem!
>
> Have you any idea
>

I forgot to add, the RPC Unavailable error will be part of the issue. You 
said you disabled the firewall and allowed all ports, correct?

As for not being able to connect by https:// (with the 's'), that means you 
never created or added an SSL cert in IIS.

Ace



0
Ace
2/15/2010 2:03:45 PM
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:ZJ-dnXbXZ6-XmeTWnZ2dnUVZ8hudnZ2d@giganews.com...
>I do exacly what you say. But I have always the two errors :
>
> First :
>
> Certificate enrollment for Local system failed to enroll for a 
> DomainController certificate with request ID N/A from 
> APSHDCT02.audemarspiguet.local\audemarspiguet-APSHDCT02-CA (The RPC server 
> is unavailable. 0x800706ba (WIN32: 1722)).
>
> Second :
>
> Automatic certificate enrollment for local system failed (0x800706ba) The 
> RPC server is unavailable.
>
>
>

As I mentioned earlier, RPC errors such as this means there is a 
communication block or DNS lookup issue. I assume DNS has the DCs listed, so 
I think tehre is a block going on elsewhere.

Ace



0
Ace
2/15/2010 2:04:55 PM
Ok,
And if you add the " http://dcshdct02/certsrv" to the Local Intranet Web 
Sites trust on dcitdct01?


-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:d9OdnY88GdDlnOTWnZ2dnUVZ8kmdnZ2d@giganews.com...
>
> Hello,
>
> To answer your question, I can access to http://dcshdct02/certsrv but not 
> the https://dcshdct02/certsrv
>
> I already try to request a cert but I don't see any domain cert!
>
> I see a strange behavior. If I connect to the a dc with my administrator 
> login then try to connect to the url : http://dcshdct02/certsrv I see 
> directly the web page.
>
> But if I try this on the dcitdct01, I need to enter my credential info! 
> May be it's could be the problem!
>
> Have you any idea
>
>
> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
> message news:Oy7EfaUrKHA.3344@TK2MSFTNGP06.phx.gbl...
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
>> news:15204AD8-4F67-4E61-A811-FF63B304EFF3@microsoft.com...
>>
>> I figured that would be the easiest way to tell if it's working. :-)
>>
>> Ace
>>
>>
>>> Ops, I also miss that important part about http; https access...
>>>
>>> -- 
>>>
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>>
>>> Jorge Silva
>>> MVP Directory Services
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no 
>>> rights.
>>>
>>>
>>>
>>>
>>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in 
>>> message news:uq#UOF6qKHA.4604@TK2MSFTNGP05.phx.gbl...
>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
>>>> news:PtudnVYir6kY-O_WnZ2dnUVZ8vednZ2d@giganews.com...
>>>>> Hello,
>>>>>
>>>>>
>>>>> This is my ipconfig :
>>>>>
>>>>> ----------------------------------------------------------------------------------------------
>>>>>
>>>>> ipconfig /all
>>>>>
>>>>> Windows IP Configuration
>>>>>
>>>>>   Host Name . . . . . . . . . . . . : DCITDCT01
>>>>>   Primary Dns Suffix  . . . . . . . : mydomain.local
>>>>>   Node Type . . . . . . . . . . . . : Hybrid
>>>>>   IP Routing Enabled. . . . . . . . : No
>>>>>   WINS Proxy Enabled. . . . . . . . : No
>>>>>   DNS Suffix Search List. . . . . . : mydomain.local
>>>>>
>>>>> Ethernet adDCter Local Area Connection:
>>>>>
>>>>>   Connection-specific DNS Suffix  . :
>>>>>   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network 
>>>>> Connection
>>>>>   Physical Address. . . . . . . . . : 00-0C-29-72-A4-A4
>>>>>   DHCP Enabled. . . . . . . . . . . : No
>>>>>   Autoconfiguration Enabled . . . . : Yes
>>>>>   IPv4 Address. . . . . . . . . . . : 192.168.11.14(Preferred)
>>>>>   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>>   Default Gateway . . . . . . . . . : 192.168.11.254
>>>>>   DNS Servers . . . . . . . . . . . : 192.168.11.14
>>>>>                                       192.168.30.2
>>>>>                                       127.0.0.1
>>>>>   NetBIOS over Tcpip. . . . . . . . : Enabled
>>>>>
>>>>> Tunnel adDCter isatDC.{6DE906DB-E4F6-45A1-A6D3-A5B10F2663BA}:
>>>>>
>>>>>   Media State . . . . . . . . . . . : Media disconnected
>>>>>   Connection-specific DNS Suffix  . :
>>>>>   Description . . . . . . . . . . . : Microsoft ISATDC AdDCter
>>>>>   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>>>>>   DHCP Enabled. . . . . . . . . . . : No
>>>>>   Autoconfiguration Enabled . . . . : Yes
>>>>>
>>>>> Tunnel adDCter Local Area Connection* 11:
>>>>>
>>>>>   Media State . . . . . . . . . . . : Media disconnected
>>>>>   Connection-specific DNS Suffix  . :
>>>>>   Description . . . . . . . . . . . : Teredo Tunneling 
>>>>> Pseudo-Interface
>>>>>   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>>>>>   DHCP Enabled. . . . . . . . . . . : No
>>>>>   Autoconfiguration Enabled . . . . : Yes
>>>>>
>>>>> -------------------------------------------------------------------------------------------------------------
>>>>>
>>>>> Here are my application log error :
>>>>>
>>>>> -------------------------------------------------------------------------------------------------------------
>>>>>
>>>>> Log Name:      DCplication
>>>>> Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
>>>>> Date:          10.02.2010 05:42:07
>>>>> Event ID:      6
>>>>> Task Category: None
>>>>> Level:         Error
>>>>> Keywords:      Classic
>>>>> User:          N/A
>>>>> Computer:      DCITDCT01.mydomain.local
>>>>> Description:
>>>>> Automatic certificate enrollment for local system failed (0x800706ba) 
>>>>> The RPC server is unavailable.
>>>>> .
>>>>> Event Xml:
>>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>>  <System>
>>>>>    <Provider 
>>>>> Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" 
>>>>> Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" 
>>>>> EventSourceName="AutoEnrollment" />
>>>>>    <EventID Qualifiers="16384">6</EventID>
>>>>>    <Version>0</Version>
>>>>>    <Level>2</Level>
>>>>>    <Task>0</Task>
>>>>>    <Opcode>0</Opcode>
>>>>>    <Keywords>0x80000000000000</Keywords>
>>>>>    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
>>>>>    <EventRecordID>2334</EventRecordID>
>>>>>    <Correlation />
>>>>>    <Execution ProcessID="0" ThreadID="0" />
>>>>>    <Channel>DCplication</Channel>
>>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>>    <Security />
>>>>>  </System>
>>>>>  <EventData>
>>>>>    <Data Name="Context">local system</Data>
>>>>>    <Data Name="ErrorCode">0x800706ba</Data>
>>>>>    <Data Name="ErrorMsg">The RPC server is unavailable.
>>>>> </Data>
>>>>>  </EventData>
>>>>> </Event>
>>>>>
>>>>> Log Name:      DCplication
>>>>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>>>>> Date:          10.02.2010 05:42:07
>>>>> Event ID:      13
>>>>> Task Category: None
>>>>> Level:         Error
>>>>> Keywords:      Classic
>>>>> User:          SYSTEM
>>>>> Computer:      DCITDCT01.mydomain.local
>>>>> Description:
>>>>> Certificate enrollment for Local system failed to enroll for a 
>>>>> DomainController certificate with request ID N/A from 
>>>>> DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA (The RPC server is 
>>>>> unavailable. 0x800706ba (WIN32: 1722)).
>>>>> Event Xml:
>>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>>  <System>
>>>>>    <Provider 
>>>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>>>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>>>>> EventSourceName="CertEnroll" />
>>>>>    <EventID Qualifiers="49754">13</EventID>
>>>>>    <Version>0</Version>
>>>>>    <Level>2</Level>
>>>>>    <Task>0</Task>
>>>>>    <Opcode>0</Opcode>
>>>>>    <Keywords>0x80000000000000</Keywords>
>>>>>    <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" />
>>>>>    <EventRecordID>2333</EventRecordID>
>>>>>    <Correlation />
>>>>>    <Execution ProcessID="0" ThreadID="0" />
>>>>>    <Channel>DCplication</Channel>
>>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>>    <Security UserID="S-1-5-18" />
>>>>>  </System>
>>>>>  <EventData>
>>>>>    <Data Name="Context">Local system</Data>
>>>>>    <Data Name="TemplateName">DomainController</Data>
>>>>>    <Data 
>>>>> Name="RequestId">DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA</Data>
>>>>>    <Data Name="CA">N/A</Data>
>>>>>    <Data Name="ErrorCode">The RPC server is unavailable. 0x800706ba 
>>>>> (WIN32: 1722)</Data>
>>>>>  </EventData>
>>>>> </Event>
>>>>>
>>>>> Log Name:      DCplication
>>>>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>>>>> Date:          10.02.2010 05:41:26
>>>>> Event ID:      64
>>>>> Task Category: None
>>>>> Level:         Information
>>>>> Keywords:      Classic
>>>>> User:          SYSTEM
>>>>> Computer:      DCITDCT01.mydomain.local
>>>>> Description:
>>>>> Certificate enrollment for Local system successfully load policy from 
>>>>> policy server
>>>>> Event Xml:
>>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>>  <System>
>>>>>    <Provider 
>>>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>>>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>>>>> EventSourceName="CertEnroll" />
>>>>>    <EventID Qualifiers="33370">64</EventID>
>>>>>    <Version>0</Version>
>>>>>    <Level>0</Level>
>>>>>    <Task>0</Task>
>>>>>    <Opcode>0</Opcode>
>>>>>    <Keywords>0x80000000000000</Keywords>
>>>>>    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
>>>>>    <EventRecordID>2332</EventRecordID>
>>>>>    <Correlation />
>>>>>    <Execution ProcessID="0" ThreadID="0" />
>>>>>    <Channel>DCplication</Channel>
>>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>>    <Security UserID="S-1-5-18" />
>>>>>  </System>
>>>>>  <EventData>
>>>>>    <Data Name="Context">Local system</Data>
>>>>>    <Data Name="ServerID">
>>>>>    </Data>
>>>>>  </EventData>
>>>>> </Event>
>>>>>
>>>>> Log Name:      DCplication
>>>>> Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
>>>>> Date:          10.02.2010 05:41:26
>>>>> Event ID:      65
>>>>> Task Category: None
>>>>> Level:         Information
>>>>> Keywords:      Classic
>>>>> User:          SYSTEM
>>>>> Computer:      DCITDCT01.mydomain.local
>>>>> Description:
>>>>> Certificate enrollment for Local system is successfully authenticated 
>>>>> by policy server {A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}
>>>>> Event Xml:
>>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>>  <System>
>>>>>    <Provider 
>>>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" 
>>>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" 
>>>>> EventSourceName="CertEnroll" />
>>>>>    <EventID Qualifiers="33370">65</EventID>
>>>>>    <Version>0</Version>
>>>>>    <Level>0</Level>
>>>>>    <Task>0</Task>
>>>>>    <Opcode>0</Opcode>
>>>>>    <Keywords>0x80000000000000</Keywords>
>>>>>    <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" />
>>>>>    <EventRecordID>2331</EventRecordID>
>>>>>    <Correlation />
>>>>>    <Execution ProcessID="0" ThreadID="0" />
>>>>>    <Channel>DCplication</Channel>
>>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>>    <Security UserID="S-1-5-18" />
>>>>>  </System>
>>>>>  <EventData>
>>>>>    <Data Name="Context">Local system</Data>
>>>>>    <Data 
>>>>> Name="ServerURL">{A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}</Data>
>>>>>  </EventData>
>>>>> </Event>
>>>>>
>>>>> Log Name:      DCplication
>>>>> Source:        SceCli
>>>>> Date:          10.02.2010 03:11:30
>>>>> Event ID:      1704
>>>>> Task Category: None
>>>>> Level:         Information
>>>>> Keywords:      Classic
>>>>> User:          N/A
>>>>> Computer:      DCITDCT01.mydomain.local
>>>>> Description:
>>>>> Security policy in the Group policy objects has been DCplied 
>>>>> successfully.
>>>>> Event Xml:
>>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>>  <System>
>>>>>    <Provider Name="SceCli" />
>>>>>    <EventID Qualifiers="16384">1704</EventID>
>>>>>    <Level>4</Level>
>>>>>    <Task>0</Task>
>>>>>    <Keywords>0x80000000000000</Keywords>
>>>>>    <TimeCreated SystemTime="2010-02-10T02:11:30.000000000Z" />
>>>>>    <EventRecordID>2330</EventRecordID>
>>>>>    <Channel>DCplication</Channel>
>>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>>    <Security />
>>>>>  </System>
>>>>>  <EventData>
>>>>>    <Data>
>>>>>    </Data>
>>>>>  </EventData>
>>>>> </Event>
>>>>>
>>>>> ---------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>> Here are my system log error :
>>>>>
>>>>> -----------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>> Log Name:      System
>>>>> Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
>>>>> Date:          10.02.2010 01:39:03
>>>>> Event ID:      29
>>>>> Task Category: None
>>>>> Level:         Warning
>>>>> Keywords:      Classic
>>>>> User:          N/A
>>>>> Computer:      DCITDCT01.mydomain.local
>>>>> Description:
>>>>> The Key Distribution Center (KDC) cannot find a suitable certificate 
>>>>> to use for smart card logons, or the KDC certificate could not be 
>>>>> verified. Smart card logon may not function correctly if this problem 
>>>>> is not resolved. To correct this problem, either verify the existing 
>>>>> KDC certificate using certutil.exe or enroll for a new KDC 
>>>>> certificate.
>>>>> Event Xml:
>>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>>  <System>
>>>>>    <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" 
>>>>> Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
>>>>>    <EventID Qualifiers="32768">29</EventID>
>>>>>    <Version>0</Version>
>>>>>    <Level>3</Level>
>>>>>    <Task>0</Task>
>>>>>    <Opcode>0</Opcode>
>>>>>    <Keywords>0x80000000000000</Keywords>
>>>>>    <TimeCreated SystemTime="2010-02-10T00:39:03.000000000Z" />
>>>>>    <EventRecordID>3205</EventRecordID>
>>>>>    <Correlation />
>>>>>    <Execution ProcessID="0" ThreadID="0" />
>>>>>    <Channel>System</Channel>
>>>>>    <Computer>DCITDCT01.mydomain.local</Computer>
>>>>>    <Security />
>>>>>  </System>
>>>>>  <EventData>
>>>>>  </EventData>
>>>>> </Event>
>>>>>
>>>>> ----------------------------------------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>> I don't have any other error except DFS Replication that I maid for 
>>>>> remote backup.
>>>>>
>>>>> Did you need more details or log?
>>>>
>>>>
>>>>
>>>> Thank you for posting this info. All the errors indicate the CA is not 
>>>> resolvable or responding. Follow Jorge's suggestions.
>>>>
>>>> Also, I was curious of this part, but I didn't see it in your response:
>>>>
>>>> Can you connect to the CA using a browser? If you can, you can request 
>>>> a
>>>> cert.
>>>>
>>>> https://dcshdct02
>>>> or
>>>> http://dcshdct02
>>>>
>>>> Ace
>>>>
>>
>>
>> 
0
Jorge
2/15/2010 8:32:24 PM
I already saw this error, but the problem was related with cached 
credentials on the requester... Can you check that please?

-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message 
news:uF8JbfkrKHA.728@TK2MSFTNGP04.phx.gbl...
> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
> news:ZJ-dnXbXZ6-XmeTWnZ2dnUVZ8hudnZ2d@giganews.com...
>>I do exacly what you say. But I have always the two errors :
>>
>> First :
>>
>> Certificate enrollment for Local system failed to enroll for a 
>> DomainController certificate with request ID N/A from 
>> APSHDCT02.audemarspiguet.local\audemarspiguet-APSHDCT02-CA (The RPC 
>> server is unavailable. 0x800706ba (WIN32: 1722)).
>>
>> Second :
>>
>> Automatic certificate enrollment for local system failed (0x800706ba) The 
>> RPC server is unavailable.
>>
>>
>>
>
> As I mentioned earlier, RPC errors such as this means there is a 
> communication block or DNS lookup issue. I assume DNS has the DCs listed, 
> so I think tehre is a block going on elsewhere.
>
> Ace
>
>
> 
0
Jorge
2/15/2010 8:34:06 PM
"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
news:329CF86E-A5BE-4D40-9EF8-37687A2D1343@microsoft.com...
>I already saw this error, but the problem was related with cached 
>credentials on the requester... Can you check that please?
>


Good point. I forgot. :-)

Possibly run in a cmd prompt to check what credentials are stored:
Control keymgr.dll

However, I don't think it's in there. Maybe clear and restart IE?

Ace 


0
Ace
2/16/2010 12:42:48 AM
> However, I don't think it's in there. Maybe clear and restart IE?

In fact, I saw my user in the Credential manager! I remove it and restart 
IE.... without success! I always need to enter my credential!

To be honest, I think that when I do a dcpromo like another server something 
go wrong!

I'll try to depromate my dc, remove my dns server reboot it and do again a 
dcpromo.




"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message 
news:ewho3DqrKHA.3944@TK2MSFTNGP06.phx.gbl...
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message 
> news:329CF86E-A5BE-4D40-9EF8-37687A2D1343@microsoft.com...
>>I already saw this error, but the problem was related with cached 
>>credentials on the requester... Can you check that please?
>>
>
>
> Good point. I forgot. :-)
>
> Possibly run in a cmd prompt to check what credentials are stored:
> Control keymgr.dll
>
> However, I don't think it's in there. Maybe clear and restart IE?
>
> Ace
> 
0
Julien
2/17/2010 9:16:13 AM
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message 
news:e7ednU9Pyox9LubWnZ2dnUVZ7sudnZ2d@giganews.com...
>> However, I don't think it's in there. Maybe clear and restart IE?
>
> In fact, I saw my user in the Credential manager! I remove it and restart 
> IE.... without success! I always need to enter my credential!
>
> To be honest, I think that when I do a dcpromo like another server 
> something go wrong!
>
> I'll try to depromate my dc, remove my dns server reboot it and do again a 
> dcpromo.
>

You've been wrestling with this for over two weeks now. Have you possibly 
considered calling Microsoft PSS for assistance to get this resolved? A 
single call and they can resolve everything associated with this issue in 
one ticket. Just make sure you state everything in the ticket so they all 
get resolved.

Ace 


0
Ace
2/18/2010 6:43:13 PM
Reply:

Similar Artilces:

link error _IID_IHTMLInputElement
I was trying to use IHTMLInputElement so I downloaded and installed all the latest platform SDKs from http://www.microsoft.com/msdownload/platformsdk/sdkupdate/ Ater I included the new include path (C:\PROGRAM FILES\MICROSOFT SDK\INCLUDE) to Tools->Options- >Directories->Include Files and tried to re-compile again, I get the following error: "error LNK2001: unresolved external symbol _IID_IHTMLInputElement fatal error LNK1120: 1 unresolved externals" Which libraries do I have to include? Can anyone help me? Thanks! Julia P.S.: I am using IE 6.0 ...

Error when sending to Distribution List
I am getting a "An Unexpected Error has Occurred" box when trying to send an e-mail using distribution list. I have deleted the whole list and started over. and was able to send one e-mail with the new distribution list but now I am getting the error again. I just sent the e-mail out through individual e-mail addresses and did not have a problem. I don't think it has to do with incorrect e-mail addresses. I am using Exchange Server and there are only 12 names on the DL so it should not be a capacity issue either. Anoyone have ideas? ...

GP upgrade to sp4 error
When upgrading to sp4, the working companies upgraded fine. The only problem is with the TWO company. It gives an invalid column name 'ACTNUMBR_4' erro while running stores procedures. It appears the script SE_Get_Acc_Detail_Hist is creating an error when it tries to load. We use the sample company for testing so it can be removed if needed, but would like to keep. Can't find anything anywhere on this error. Any help would be appreciated. Hi Charles, As alternative to troubleshooting, you can always re-initialise TWO by running GP Utilitiies and select to 'Re-a...

Integration Manager Error #6
have an integration format which gives DOC 1 ERROR - you don't have security privileges to open this window and then a DOC 2 WARNING - A fiscal period for posting date has not been setup the integration goes ahead and processes through but doesnt bring in first record! we have checked permissions and don't see any issues and fiscal period is setup in GP Any ideas? We have to put a dummy record in the import file now so it doesnt eliminate a real record to get it imported presently. Would like to not have to do this any more. Glen, Can the person who is running the integratio...

Error Logs
I have a user that receives a generic error when trying to create a CRM Appointment in CRM. It reads something about contact your administrator...Try again? Is there anymore than that logged anywhere? That's not much to go on in trying to troubleshoot why some can create appointments and he can't. Check for entries by "Microsoft CRM" in the Application Event Log on the CRM Server. Mike "KBLawson" <klawson@aetinc.com> wrote in message news:6b62a526.0401211208.39fdf0ed@posting.google.com... > I have a user that receives a generic error when trying to c...

Restrict a user from sending outside the domain?
I am following the directions given in the link below, but the user can still send outside the domain. How can I prevent this user from sending outside? http://www.msexchange.org/tutorials/MF009.html Jen I don't remember if that article addresses this: http://support.microsoft.com/default.aspx?scid=kb;en-us;277872 -- Susan Conkey [MVP] "Jennifer Mar" <ph1sh99@hotmail.com> wrote in message news:eE2tu$B1FHA.3000@TK2MSFTNGP12.phx.gbl... > I am following the directions given in the link below, but the user can > still send outside the domain. How can I prevent t...

CRM 3 Authentication Error
Good Day, When I attempt to logon to CRM 3.0 I get Authentication Error with the following text : "Microsoft CRM could not log you on to the system. Make sure your user record is enabled and that you have been assigned at least one security role." this case is happend suddenly, it was Working Fine, and when Case is Happend , i attended to re-start My CRM server IIS, but i still got the same authentication error. i checked that All three services are started . my current production environment Windows 2003 SP2 SQL 2000 CRM 3.0 I have been fighting this issue for several d...

Receivin error when starting outlook 97
When starting OUtlook 97, I receive an error: outlook.exe has encountered a problem and needs to close. I re-insatlled 97 office with the same results - any ideas? ...

Error Using NTBackup on Information Store
Could anyone point me in the direction to solve this error. Backup Status Operation: Backup Active backup destination: File Media name: "20060515.bkf created 5/15/2006 at 10:39 AM" Backup of "DELL-6450-4SK7B\Microsoft Information Store\First Storage Group" Backup set #1 on media #1 Backup description: "Set created 5/15/2006 at 10:39 AM" Media name: "20060515.bkf created 5/15/2006 at 10:39 AM" Backup Type: Normal Backup started on 5/15/2006 at 10:40 AM. Folder DELL-6450-4SK7B\Microsoft Information Store\First Storage Group\Mailbox Store (DELL-6450-4S...

Cannot find file error #2
Product- MS Office 2000 SR-1 OS- Windows 98 When I open Excel and navigate to a Excel (XLS) file, I have no problem opening the file. But if I open "My Computer" or Microsoft Explorer" and navigate straight to the file and double click on the file, Excel does open but after a second or two I get this error. Cannot find file c:\windows\desktop\filename.xls (or one of it's components) Make sure the path and filename are correct and that all required libraries are available. I re-installed with no help, I re-associated XLS files and I also unchecked the DDE box under ...

Important about IBM XML Certification
IBM - XML Certification http://educational-world.blogspot.com/2007/10/ibm-certified-solution-developer-xml-11.html Sun Java Certifications http://educational-world.blogspot.com/2007/06/sun-java-certifications.html ...

visual basic error
In the following code, I get an error at the last 2 commands: Function AvgPts() ' ' AvgRounds Macro ' Macro recorded 11/06/99 by Charles G. Woll Application.Volatile 'On Error GoTo ErrorHandler Dim total_plays As Byte, used_plays As Byte Dim I As Double, cnt As Double Dim Row As Double, col As Double total_plays = 7 used_plays = 5 Row = Application.Caller.Row col = Application.Caller.Column -------------------------------------------------------------- The Row function immediately returns an error. Charlie It worked fine for me. How did...

#NUM! error
Whats wrong. {=SUM((Sheet1!A:A="*")*(Sheet1!B:B="\\\\\\CC\\\\\\") *Sheet1!E:E)} thanks in advance You can't use entire columns or rows in array formulae. Try (array-entered): =SUM((Sheet1!A1:A65535="*")*(Sheet1!B1:B65535="\\\\\\CC\\\\\\") *Sheet1!E1:E65535)} or (not array-entered, but an array formula none-the-less): =SUMPRODUCT(--(Sheet1!A1:A65535="*"), --(Sheet1!B1:B65535="\\\\\\CC\\\\\\"), Sheet1!E1:E65535) (not array-entered, but an array formula none-the-less). In article <836401c477ea$0ab36c80$a301280a@phx...

DCOM Error
Toshiba Satellite Pro, L300EZ1004X, Win XP Pro, SP3. Two years old, original OS. Not a downgrade from Vista, 3 GB RAM, hard drive 85% free. Recently upgraded to SP3. Beforehand I checked the Toshiba download site for any new drivers for this model and downloaded and installed a new Intel PRO/Wireless 3945ABG adapter driver I’ve been getting the following Error in Event Viewer since the driver upgrade. I rolled back to the original driver, but still receive this error. Further, I can't find the exact key referred to in the Microsoft suggested User Action I am ou...

getting STMP pop server error
having outlook send problems..error STMP POP server That is a real bummer. Maybe you would like to share your version of Outlook and the error message as per verbatim -- Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged. http://www.microsoft.com/protect "FJBERTH" <FJBERTH@discussions.microsoft.com> wrote in message news:3B2BCC6B-0894-41F3-802C-68CA238157D0@microsoft.com... > having outlook send problems..error STMP POP server ...

Outlook closes with error
Outlook causes an error and closes everytime something is done with calander (including reminders) Works fine otherwise. Error signature AppName: outlook.exe AppVer: 11.0.6353.0 AppStamp: 408f2937 MadName: unknown ModVer: 0.0.0.0 ModStamp: 00000000 fDebug: 0 Offset: 35418e9f Also get this error from Microsoft: OUTLOOK.EXE - Application Error The instructions at "0x354233cb" referenced memory at "0x009feca1". The memory could no be "written". Click on OK to terminate the program G. Le Canu STMU <G. Le Canu STMU@discussions.microsoft.com> wrote...

Keep getting error from code
Good morning. Good to see the board back up. Here's my problem. I have a form with a staff Id. These Ids are unique because there are no duplicates. I click on "New" for new record. Then have the code check to see if it is a duplicate record Private Sub StaffId_BeforeUpdate(Cancel As Integer) 10 On Error GoTo Err_Form_BeforeUpdate 20 If Not IsNull(DLookup("[staffid]", "tblMain", "[staffid] = '" & Me! [StaffId] & "'")) Then 30 Select Case MsgBox("Sorry, This is a duplicate Staff Id Number,"...

#5.7.1 Permission Error
I have a multifunction KonicaMinolta bizhub 7222 device wired to the domain. I set the scanner up so that it sends the scans as emails via our SMTP Exchange 2003 server. The email goes through fine when it is send to users who can receive outside email (everyone; authenticated users is unchecked). However I get a 5.7.1 Permission error when delivering the email to those users who are limited to receiving emails within the domain. the Konica device does not autheticate on the domain , however I have created a user account in AD and Exchange. How can I allow everyone in my domain to receive t...

Array Bounds Write Errors on Recordset Open
When I'm running my application through Purify I keep getting "Array Bounds Write Errors". For example, when I execute the following code: CRecordset recSet(m_pDatabase); recSet.Open(CRecorset::forwardOnly, _T("SELECT hos_title from hosmas")); Purify reports the following: ABW: Array bounds write in MultiByteToWideChar Writing 120 bytes to 0x022850e0 (56 bytes at 0x02285120 illegal) CRecordset::PrepareAndExecute(void) [dbcore.cpp:2421] else { AFX_ODBC_CALL(::SQLPrepare(m_hstmt, (UCHAR*)lpszWSQL, SQL_NTS)); } This happens on EVERY database transaction that ...

Error running reports
I have created several custom reports and when previewing them in Visual Studio that run as expected. However, once I upload them to CRM I receive the following error message: Microsoft.Crm.CrmException: Thread.CurrentPrincipal is not a WindowsPrincipal Has anyone come across this before? ...

Permissions Error When There Shouldn't Be One
I have several Access 2003 databases that are all occasionally giving me the same problem. For no apparent reason, a user (sometimes me, sometimes someone else) will get a message telling them that they do not have permission to use a query or table. Yet when I check their permissions in my User & Group Permissions, it shows that they have full Admin privileges for the same query or table. This has happened to me multiple times with queries I created in databases I designed. Any idea what could be causing this and how to stop it? -- Amy E. Baggott "I''m going craz...

OpenPrinter error
Hello World, I am trying to access some printer information and have been unable to successfully use the OpenPrinter function. It returns zero, which is an error, but when I use the GetLastError function immediately afterward it also returns zero, which indicates that there was no error. My code is as follows: ----- char message[100]; CString pName; LPTSTR lpName; LPHANDLE handle; int i; m_Printername.GetLBText( m_Printername.GetCurSel (), pName ); lpName = new TCHAR[pName.GetLength()+1]; _tcscpy(lpName, pName); if (OpenPrinter(lpName,handle,NULL) == 0) { i = GetLastError(); sprintf...

Error 4015
I am setting up an exchange 5.5 service pack 4 server to restore two deleted mail boxes. I install Exchange with /R option and restore the IS directory. Try to start the information store and get specific error 4015. I checked to see if the server name is the same in the MSExchangeIS key and everything seems ok. Any ideas on what is wrong? Anything in Application Event log? Have you ever renamed this machine? Kim Wilson wrote: > I am setting up an exchange 5.5 service pack 4 server to > restore two deleted mail boxes. I install Exchange > with /R option and restore the I...

Runtime Error on Outlook 2002
I have two profiles that I chose from when Outlook 2002=20 starts. If the profile I chose to open is the same that I=20 last used, it works fine. If not, Outlook opens and then=20 displays an error message (Microsoft Virtual C++ Runtime=20 Library. Program: OUTLOOK.EXE. Message: This application=20 has requested the Runtime to terminate it in an unusual=20 way. Please contact the application=B4s support team for=20 more information). Outlook is then closed. If I open it=20 again with the profile that just caused the error, it=20 works OK the second time. Anyone can give me a hint on how to so...

Money 2005
Hello! Please apologize my poor English! But there is no German Group for this product. Yesterday I got a new Money 2005 bought by Amazon. After installing and while I was preparing a new bank account I got the offer to update. I canceled this update and worked, imported datas from my bank and so on. All worked correct! Maybe an hour or so later I got again the offer to update and I accepted. After updating, closing und performing a new start of Money I always get the error message - "Runtime Error! Program: C:\Programme\Microsoft Money 2005\MNYCoreFiles\msmoney.exe R6025 - pure vi...