Hello,

I have installed an enterprise CA on my new domain. I see that all my DCs received a Domain Controller certificate except one.

If I check the log I can see two events:

First: EventID 6:

Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.

Second: EventID 13:

Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from DCSHDCT02.mydomaint.local\mydomain-DCSHDCT02-CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

The message seems to be clear, but if I try to do a telnet on DCSHDCT02 I can see a connection! Then, I can say the RPC server is on and working well.

Can anybody help me?

--- news://freenews.netfront.net/ - complaints: news@netfront.net ---
<jithurbide@gmail.com> wrote in message news:rln5m5p9hg7qq6agbjrnqag382s1ho5k3j@4ax.com...
> Hello,
>
> I have installed an enterprise CA on my new domain. I see that all my
> DCs received a Domain Controller certificate except one.
>
> If I check the log I can see two events:
>
> First: EventID 6:
>
> Automatic certificate enrollment for local system failed (0x800706ba)
> The RPC server is unavailable.
>
> Second: EventID 13:
>
> Certificate enrollment for Local system failed to enroll for a
> DomainController certificate with request ID N/A from
> DCSHDCT02.mydomaint.local\mydomain-DCSHDCT02-CA (The RPC server is
> unavailable. 0x800706ba (WIN32: 1722)).
>
> The message seems to be clear, but if I try to do a telnet on
> DCSHDCT02 I can see a connection! Then, I can say the RPC server is on
> and working well.
>
> Can anybody help me?

It's more than just telnet. The RPC server is unavailable message simply means it either cannot fully communicate with the necessary ports to the server, DNS cannot resolve all necessary records (SRV and "A" records), or the server is completely down. Since you can telnet, then it's indicating the server is up but there are possibly some firewall ports blocked. Within a private infrastructure, it is assumed that all ports are allowed and opened between all servers and workstations.

I remember you said you 'changed your firewall strategy' in another thread regarding your Sites issues. What exactly is your new strategy?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
Hi

To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC. If it asks for authentication credentials, you may have a FW issue, name resolution problems (from CA side or DC side).
A workaround for this may be to cache the credentials on DC side (using the option save the credentials when you're doing the SMB connection).

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

<jithurbide@gmail.com> wrote in message news:rln5m5p9hg7qq6agbjrnqag382s1ho5k3j@4ax.com...
> Hello,
>
> I have installed an enterprise CA on my new domain. I see that all my
> DCs received a Domain Controller certificate except one.
>
> If I check the log I can see two events:
>
> First: EventID 6:
>
> Automatic certificate enrollment for local system failed (0x800706ba)
> The RPC server is unavailable.
>
> Second: EventID 13:
>
> Certificate enrollment for Local system failed to enroll for a
> DomainController certificate with request ID N/A from
> DCSHDCT02.mydomaint.local\mydomain-DCSHDCT02-CA (The RPC server is
> unavailable. 0x800706ba (WIN32: 1722)).
>
> The message seems to be clear, but if I try to do a telnet on
> DCSHDCT02 I can see a connection! Then, I can say the RPC server is on
> and working well.
>
> Can anybody help me?
Hello,

> I remember you said you 'changed your firewall strategy' in another thread
> regarding your Sites issues. What exactly is your new strategy?

OK, first I have blocked all traffic except for AD ports. But I discovered that with Windows 2008 R2, AD needs to have a range of ports open. Then I opened IP communication between all DCs! Then, I can say that it's not a problem with my firewall!

Julien
Hello,

You say:

> To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC.

What is the CAName? My computer name, like dcshdct02? Or the name I can see on the Certification Authority MMC?

I can browse the CA with the computer name \\dcshdct02 but not the name I see on the CA MMC.

Julien
"Julien" <jithurbide@removegmail.com> wrote in message news:Od9jrizoKHA.5260@TK2MSFTNGP02.phx.gbl... > Hello, > > >> I remember you said you 'changed your firewall strategy' in another >> thread regarding your Sites issues. What exactly is your new strategy? > > Ok fist I have block all trafics execpt for AD port. But, I discover that > with winsows 2008 r2 Ad need to have a range of port open. Then I open IP > communication between all DC! Then, I can say that it's not a problem with > my firewall! > > Julien > > There are numerous ports that AD needs, as you know. Usually we just open it up wide open and let it have everything, otherwise if you try to make port exceptions in a firewall, it turns it into Swiss cheese anyway. Can you post exactly what ports you opened up? Also, if you followed an article on what ports to open, can you post the article you followed? Ace
"Julien" <jithurbide@removegmail.com> wrote in message news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl... > Hello, > > You say : > >> To test do a SMB connection: "\\CAName.yourdomain.tld" from that DC. > > What is the CAName ? My computer name ? like dcshdct02 ? or the name I can > see on the Certification authority MMC? > > I can browse the CA with the comupter name \\dcshdct02 but not the name I > see on the CA MMC. > > Julien > > The CAName is the computer name of your CA (Certificate Authority) server. Is dcshdct02 the name of the CA? If so, what do you mean by can't browse by the name in the CA MMC console? what name is that? Ace
Hello,

First I have opened the ports TCP/UDP:

1025
1030
123
135
139
3268
389
445
49155
49159
88
53
750

But now, I have opened all TCP/UDP traffic!!!!!

"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message news:eFvusq1oKHA.4836@TK2MSFTNGP05.phx.gbl...
> There are numerous ports that AD needs, as you know. Usually we just open
> it up wide open and let it have everything, otherwise if you try to make
> port exceptions in a firewall, it turns it into Swiss cheese anyway.
>
> Can you post exactly what ports you opened up? Also, if you followed an
> article on what ports to open, can you post the article you followed?
>
> Ace
Hello,

In fact, the computer name is dcshdct02, but if I open the certification authority MMC, the name of the server is: mydomain-DCSHDCT02-CA.

"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl...
> The CAName is the computer name of your CA (Certificate Authority) server.
>
> Is dcshdct02 the name of the CA? If so, what do you mean by can't browse
> by the name in the CA MMC console? what name is that?
>
> Ace
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:%239DAJY%23oKHA.5328@TK2MSFTNGP04.phx.gbl... > Hello, > > First I have open the port TCP/UDP: > > 1025 > 1030 > 123 > 135 > 139 > 3268 > 389 > 445 > 49155 > 49159 > 88 > 53 > 750 > > But now, I have open all TCP/UDP trafic !!!!! That's good you opened all traffic. There are more ports that are required than you posted. That was why you got the errors. You were missing the Service ports. For more information on ports required, please read the following to understand better what ports AD requires. It's not as simple as the ports you mentioned. That was why I was saying it is easier just to allow ALL ports, for after all, if it is an internal private network, you are safe anyway. Paul Bergson's Blog on AD Replication and Firewall Ports http://www.pbbergs.com/windows/articles/FirewallReplication.html Restricting Active Directory replication traffic and client RPC ....Restricting Active Directory replication traffic and client RPC traffic to a ... unique port, and you restart the Netlogon service on the domain controller. ... http://support.microsoft.com/kb/224196 How to restrict FRS replication traffic to a specific static port - How to restrict FRS replication traffic to a specific static port ... Windows 2000-based domain controllers and servers use FRS to replicate system policy .... http://support.microsoft.com/kb/319553 Network Ports Used by Key Microsoft Server Products - You can also restrict the range of ports that RPC dynamically assigns to a small range, ..... Windows domain controllers use the SMTP service for intersite ... http://www.microsoft.com/smallbusiness/support/articles/ref_net_ports_ms_prod.mspx Ace
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:OoKFGa%23oKHA.1548@TK2MSFTNGP02.phx.gbl... > Hello, > > In fact, the computer name is dcshdct02, but if I open the certification > authority MMC, the name of the server is : mydomain-DCSHDCT02-CA. > That appears to be the CA name you gave it, not the computer name. Ace
Hi

Yes, test the connection using \\dcshdct02

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl...
> Hello,
>
> In fact, the computer name is dcshdct02, but if I open the certification
> authority MMC, the name of the server is : mydomain-DCSHDCT02-CA.
Hello,

I have tested and it's working!

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
> Hi
> Yes, test the connection using \\dcshdct02
>
> --
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
Hello,

I can do a SMB connection but I don't have the certificate.

Can anybody help me to resolve this issue?

Julien

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com...
> Hi
> Yes, test the connection using \\dcshdct02
>
> --
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com... > Hello, > > I can do a SMB connection but I don't have the certificate. > > Can any body help me to resolve this issue? > > Julien Can you connect to the CA using a browser? If you can, you can request a cert. https://dcshdct02 or http://dcshdct02 Also, you said that you've opened the firewall up wide open, correct? That should have alleviated the RPC errors. However, if it didn't resolve the errors, then something else is going on. It could be using the wrong DNS, multihomed DC (more than one NIC and/or RRAS is installed on a DC) which will cause these problems, too, due to incorrect DNS lookups, which will stop GPOs from applying, among other things. Can you post an ipconfig /all from the DC, as well as any EventID# errors (App, System, FRS, Dir Service logs)? Ace
Is the CA service started?
Did you test SMB from that DC?
Is that DC passing through ISA? If yes, can you disable the RPC filter for that rule and test again? You may need to reboot the DC twice until that error goes away.

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com...
> Hello,
>
> I can do a SMB connection but I don't have the certificate.
>
> Can anybody help me to resolve this issue?
>
> Julien
Hello,

This is my ipconfig:

----------------------------------------------------------------------
ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DCITDCT01
   Primary Dns Suffix . . . . . . . : mydomain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : mydomain.local

Ethernet adDCter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-72-A4-A4
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.11.14(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.11.254
   DNS Servers . . . . . . . . . . . : 192.168.11.14
                                       192.168.30.2
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adDCter isatDC.{6DE906DB-E4F6-45A1-A6D3-A5B10F2663BA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATDC AdDCter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adDCter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
----------------------------------------------------------------------

Here are my application log errors:

----------------------------------------------------------------------
Log Name:      DCplication
Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date:          10.02.2010 05:42:07
Event ID:      6
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DCITDCT01.mydomain.local
Description:
Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.

Log Name:      DCplication
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          10.02.2010 05:42:07
Event ID:      13
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      DCITDCT01.mydomain.local
Description:
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

Log Name:      DCplication
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          10.02.2010 05:41:26
Event ID:      64
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
Computer:      DCITDCT01.mydomain.local
Description:
Certificate enrollment for Local system successfully load policy from policy server

Log Name:      DCplication
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          10.02.2010 05:41:26
Event ID:      65
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
Computer:      DCITDCT01.mydomain.local
Description:
Certificate enrollment for Local system is successfully authenticated by policy server {A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}

Log Name:      DCplication
Source:        SceCli
Date:          10.02.2010 03:11:30
Event ID:      1704
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      DCITDCT01.mydomain.local
Description:
Security policy in the Group policy objects has been DCplied successfully.
----------------------------------------------------------------------

Here are my system log errors:

----------------------------------------------------------------------
Log Name:      System
Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
Date:          10.02.2010 01:39:03
Event ID:      29
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      DCITDCT01.mydomain.local
Description:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
----------------------------------------------------------------------

I don't have any other errors except DFS Replication, which I made for remote backup.

Did you need more details or logs?

"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message news:uTweL9NqKHA.4280@TK2MSFTNGP06.phx.gbl...
> Can you connect to the CA using a browser? If you can, you can request a
> cert.
>
> https://dcshdct02
> or
> http://dcshdct02
>
> Also, you said that you've opened the firewall up wide open, correct? That
> should have alleviated the RPC errors. However, if it didn't resolve the
> errors, then something else is going on. It could be using the wrong DNS,
> multihomed DC (more than one NIC and/or RRAS is installed on a DC) which
> will cause these problems, too, due to incorrect DNS lookups, which will
> stop GPOs from applying, among other things.
>
> Can you post an ipconfig /all from the DC, as well as any EventID# errors
> (App, System, FRS, Dir Service logs)?
>
> Ace
Hello,

> Did you test SMB from that DC?

Yes, I did. I tested the SMB connection from and to my DC.

> IS that DC passing through ISA?

No, we don't use ISA!

> You may need to reboot the DC twice

I'll try this tonight, but if I remember well I already rebooted it more than twice.

Julien

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:76D3BF28-7F66-4CB0-A72A-94928CFFE8AC@microsoft.com...
> Is the CA service started?
> Did you test SMB from that DC?
> IS that DC passing through ISA? IF yes, can you disable the RPC filter for
> that rule and test again? You may need to reboot the DC twice until that
> error goes away.
>
> --
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
Ok, do that, can you also explain these 2 DNS entries:
192.168.30.2
127.0.0.1

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:df2dnTJWt_Wr-u_WnZ2dnUVZ8qGdnZ2d@giganews.com...
> Hello,
>
>> Did you test SMB from that DC?
>
> Yes, I did. I tested the SMB connection from and to my DC.
>
>> IS that DC passing through ISA?
>
> No, we don't use ISA!
>
>> You may need to reboot the DC twice
>
> I'll try this, this night, but if I remember well I already rebooted it more
> than twice.
>
> Julien
ok simple 127.0.0.1 I have deleted ... I don't know why it is here.

192.168.30.2 is my central site and my first DC on my domain.

I have a lot of sites and this address is the ranch for my central offices.

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:D574EA20-F3DB-4511-880C-944F7D1BF4A9@microsoft.com...
> Ok, do that, can you also explain these 2 DNS entries:
> 192.168.30.2
> 127.0.0.1
Ok,
- Did you also test SMB from the CA to the DC?
- Can you ping from both sides (DC and CA) to each other?
- Did you already reboot the DC 2?

--

Jorge Silva
MVP Directory Services

"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:05mdnTtB8_9hLe_WnZ2dnUVZ8qSdnZ2d@giganews.com...
> ok simple 127.0.0.1 I have deleted ... I don't know why it is here.
>
> 192.168.30.2 is my central site and my first DC on my domain.
>
> I have a lot of sites and this address is the ranch for my central offices.
> - Did you also test SMB from the CA to the DC?

Yes, I do

> - Can you ping from both sides (DC and CA) to each other?

Yes, I can

> - Did you already reboot the DC 2?

I have planned to reboot my DC and the CA this night.

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:7B115C84-012E-4397-8F34-ECAC27074558@microsoft.com...
> Ok,
> - Did you also test SMB from the CA to the DC?
> - Can you ping from both sides (DC and CA) to each other?
> - Did you already reboot the DC 2?
Hold on... If you're going to reboot the CA... 1st the CA, after the CA is up, do 2 reboots with a logon between them on the DC.

--

Jorge Silva
MVP Directory Services

"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:T5idndaKfvbpQ-7WnZ2dnUVZ8vOdnZ2d@giganews.com...
>> - Did you also test SMB from the CA to the DC?
>
> Yes, I do
>
>> - Can you ping from both sides (DC and CA) to each other?
>
> Yes, I can
>
>> - Did you already reboot the DC 2?
>
> I have planned to reboot my DC and the CA this night.
Another thing, please check if you have any third party FW installed on the DC and CA. For instance, some antivirus have additional products that provide FW capabilities.

--

Jorge Silva
MVP Directory Services

"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:T5idndaKfvbpQ-7WnZ2dnUVZ8vOdnZ2d@giganews.com...
>> - Did you also test SMB from the CA to the DC?
>
> Yes, I do
>
>> - Can you ping from both sides (DC and CA) to each other?
>
> Yes, I can
>
>> - Did you already reboot the DC 2?
>
> I have planned to reboot my DC and the CA this night.
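
The checks requested across this thread (name resolution, SMB, RPC, a possible host firewall in the path), collected into one script as an added example; it is not code from any poster. The host and CA names are the ones shown in Event ID 13, and the helper names `Test-TcpPort` and `New-CheckResult` are hypothetical.

```powershell
# Added example. Run it on the DC that fails to enroll, then again on the CA
# with $Target pointed at the DC, to cover "both sides" as asked in the thread.
$Target   = 'DCSHDCT02.mydomain.local'        # CA host, as shown in Event ID 13
$CaConfig = "$Target\mydomain-DCSHDCT02-CA"   # <CA host>\<CA name>, as shown in Event ID 13

# Plain TCP connect with a timeout. This is what "telnet to the port" proves,
# and nothing more: the port answers, not that the RPC interface behind it works.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function New-CheckResult {
    param([string]$Check, [bool]$Passed, [string]$Detail)
    New-Object psobject -Property @{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

$results = @()

# 1. Name resolution of the CA host.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($Target) |
        ForEach-Object { $_.IPAddressToString }
    $results += New-CheckResult 'DNS resolves CA host' $true ($ips -join ', ')
} catch {
    $results += New-CheckResult 'DNS resolves CA host' $false $_.Exception.Message
}

# 2. Fixed ports: SMB and the RPC endpoint mapper.
$ports = @(
    @{ Name = 'SMB';                 Port = 445 },
    @{ Name = 'RPC endpoint mapper'; Port = 135 }
)
foreach ($p in $ports) {
    $ok = Test-TcpPort -ComputerName $Target -Port $p.Port
    $results += New-CheckResult "TCP $($p.Port) ($($p.Name))" $ok ''
}

# 3. The enrollment interface itself. certutil -ping calls the CA's certificate
#    request interface over RPC/DCOM, which is the path autoenrollment uses.
#    That interface listens on a dynamically assigned port (49152-65535 by
#    default on Windows Server 2008 and later), not on 135 or 445.
$pingOutput = & certutil.exe -config $CaConfig -ping 2>&1
$lastLine   = [string]($pingOutput | Select-Object -Last 1)
$results   += New-CheckResult 'certutil -ping (CA RPC interface)' ($LASTEXITCODE -eq 0) $lastLine

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize -Wrap

# Reading the table: DNS, 445 and 135 passing while certutil -ping fails with
# 0x800706ba points at filtering of the dynamic RPC range between the two hosts
# (network firewall or a host firewall product on either side).
```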
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:05mdnTtB8_9hLe_WnZ2dnUVZ8qSdnZ2d@giganews.com... > ok simple 127.0.0.1 I have delete ... I don't know why is here. > > 192.168.30.2 is my central site and my fist DC on my domain. > > I have a lot of site and this address is the ranch for my central offices. > In a multi-site scenario, I suggest, as well as the consensus, to use itself as the first DNS entry, and the other one as the second entry, otherwise all intial queries will be hitting the first entry across the WAN link. Good you removed the loopback. That was put in by dcpromo. Ace
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:PtudnVYir6kY-O_WnZ2dnUVZ8vednZ2d@giganews.com... > Hello, > > > This is my ipconfig : > > ---------------------------------------------------------------------------------------------- > > ipconfig /all > > Windows IP Configuration > > Host Name . . . . . . . . . . . . : DCITDCT01 > Primary Dns Suffix . . . . . . . : mydomain.local > Node Type . . . . . . . . . . . . : Hybrid > IP Routing Enabled. . . . . . . . : No > WINS Proxy Enabled. . . . . . . . : No > DNS Suffix Search List. . . . . . : mydomain.local > > Ethernet adDCter Local Area Connection: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network > Connection > Physical Address. . . . . . . . . : 00-0C-29-72-A4-A4 > DHCP Enabled. . . . . . . . . . . : No > Autoconfiguration Enabled . . . . : Yes > IPv4 Address. . . . . . . . . . . : 192.168.11.14(Preferred) > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 192.168.11.254 > DNS Servers . . . . . . . . . . . : 192.168.11.14 > 192.168.30.2 > 127.0.0.1 > NetBIOS over Tcpip. . . . . . . . : Enabled > > Tunnel adDCter isatDC.{6DE906DB-E4F6-45A1-A6D3-A5B10F2663BA}: > > Media State . . . . . . . . . . . : Media disconnected > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Microsoft ISATDC AdDCter > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 > DHCP Enabled. . . . . . . . . . . : No > Autoconfiguration Enabled . . . . : Yes > > Tunnel adDCter Local Area Connection* 11: > > Media State . . . . . . . . . . . : Media disconnected > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 > DHCP Enabled. . . . . . . . . . . : No > Autoconfiguration Enabled . . . . 
: Yes > > ------------------------------------------------------------------------------------------------------------- > > Here are my application log error : > > ------------------------------------------------------------------------------------------------------------- > > Log Name: DCplication > Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment > Date: 10.02.2010 05:42:07 > Event ID: 6 > Task Category: None > Level: Error > Keywords: Classic > User: N/A > Computer: DCITDCT01.mydomain.local > Description: > Automatic certificate enrollment for local system failed (0x800706ba) The > RPC server is unavailable. > . > Event Xml: > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> > <System> > <Provider > Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" > Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" > EventSourceName="AutoEnrollment" /> > <EventID Qualifiers="16384">6</EventID> > <Version>0</Version> > <Level>2</Level> > <Task>0</Task> > <Opcode>0</Opcode> > <Keywords>0x80000000000000</Keywords> > <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" /> > <EventRecordID>2334</EventRecordID> > <Correlation /> > <Execution ProcessID="0" ThreadID="0" /> > <Channel>DCplication</Channel> > <Computer>DCITDCT01.mydomain.local</Computer> > <Security /> > </System> > <EventData> > <Data Name="Context">local system</Data> > <Data Name="ErrorCode">0x800706ba</Data> > <Data Name="ErrorMsg">The RPC server is unavailable. > </Data> > </EventData> > </Event> > > Log Name: DCplication > Source: Microsoft-Windows-CertificateServicesClient-CertEnroll > Date: 10.02.2010 05:42:07 > Event ID: 13 > Task Category: None > Level: Error > Keywords: Classic > User: SYSTEM > Computer: DCITDCT01.mydomain.local > Description: > Certificate enrollment for Local system failed to enroll for a > DomainController certificate with request ID N/A from > DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA (The RPC server is > unavailable. 
0x800706ba (WIN32: 1722)). > Event Xml: > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> > <System> > <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" > Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" > /> > <EventID Qualifiers="49754">13</EventID> > <Version>0</Version> > <Level>2</Level> > <Task>0</Task> > <Opcode>0</Opcode> > <Keywords>0x80000000000000</Keywords> > <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" /> > <EventRecordID>2333</EventRecordID> > <Correlation /> > <Execution ProcessID="0" ThreadID="0" /> > <Channel>DCplication</Channel> > <Computer>DCITDCT01.mydomain.local</Computer> > <Security UserID="S-1-5-18" /> > </System> > <EventData> > <Data Name="Context">Local system</Data> > <Data Name="TemplateName">DomainController</Data> > <Data > Name="RequestId">DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA</Data> > <Data Name="CA">N/A</Data> > <Data Name="ErrorCode">The RPC server is unavailable. 
0x800706ba > (WIN32: 1722)</Data> > </EventData> > </Event> > > Log Name: DCplication > Source: Microsoft-Windows-CertificateServicesClient-CertEnroll > Date: 10.02.2010 05:41:26 > Event ID: 64 > Task Category: None > Level: Information > Keywords: Classic > User: SYSTEM > Computer: DCITDCT01.mydomain.local > Description: > Certificate enrollment for Local system successfully load policy from > policy server > Event Xml: > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> > <System> > <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" > Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" > /> > <EventID Qualifiers="33370">64</EventID> > <Version>0</Version> > <Level>0</Level> > <Task>0</Task> > <Opcode>0</Opcode> > <Keywords>0x80000000000000</Keywords> > <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" /> > <EventRecordID>2332</EventRecordID> > <Correlation /> > <Execution ProcessID="0" ThreadID="0" /> > <Channel>DCplication</Channel> > <Computer>DCITDCT01.mydomain.local</Computer> > <Security UserID="S-1-5-18" /> > </System> > <EventData> > <Data Name="Context">Local system</Data> > <Data Name="ServerID"> > </Data> > </EventData> > </Event> > > Log Name: DCplication > Source: Microsoft-Windows-CertificateServicesClient-CertEnroll > Date: 10.02.2010 05:41:26 > Event ID: 65 > Task Category: None > Level: Information > Keywords: Classic > User: SYSTEM > Computer: DCITDCT01.mydomain.local > Description: > Certificate enrollment for Local system is successfully authenticated by > policy server {A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9} > Event Xml: > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> > <System> > <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" > Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" > /> > <EventID Qualifiers="33370">65</EventID> > <Version>0</Version> > <Level>0</Level> > <Task>0</Task> > 
<Opcode>0</Opcode> > <Keywords>0x80000000000000</Keywords> > <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" /> > <EventRecordID>2331</EventRecordID> > <Correlation /> > <Execution ProcessID="0" ThreadID="0" /> > <Channel>DCplication</Channel> > <Computer>DCITDCT01.mydomain.local</Computer> > <Security UserID="S-1-5-18" /> > </System> > <EventData> > <Data Name="Context">Local system</Data> > <Data Name="ServerURL">{A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}</Data> > </EventData> > </Event> > > Log Name: DCplication > Source: SceCli > Date: 10.02.2010 03:11:30 > Event ID: 1704 > Task Category: None > Level: Information > Keywords: Classic > User: N/A > Computer: DCITDCT01.mydomain.local > Description: > Security policy in the Group policy objects has been DCplied successfully. > Event Xml: > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> > <System> > <Provider Name="SceCli" /> > <EventID Qualifiers="16384">1704</EventID> > <Level>4</Level> > <Task>0</Task> > <Keywords>0x80000000000000</Keywords> > <TimeCreated SystemTime="2010-02-10T02:11:30.000000000Z" /> > <EventRecordID>2330</EventRecordID> > <Channel>DCplication</Channel> > <Computer>DCITDCT01.mydomain.local</Computer> > <Security /> > </System> > <EventData> > <Data> > </Data> > </EventData> > </Event> > > --------------------------------------------------------------------------------------------------------------------------- > > Here are my system log error : > > ----------------------------------------------------------------------------------------------------------------------------- > > Log Name: System > Source: Microsoft-Windows-Kerberos-Key-Distribution-Center > Date: 10.02.2010 01:39:03 > Event ID: 29 > Task Category: None > Level: Warning > Keywords: Classic > User: N/A > Computer: DCITDCT01.mydomain.local > Description: > The Key Distribution Center (KDC) cannot find a suitable certificate to > use for smart card logons, or the KDC certificate could not be verified. 
> Smart card logon may not function correctly if this problem is not > resolved. To correct this problem, either verify the existing KDC > certificate using certutil.exe or enroll for a new KDC certificate. > Event Xml: > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> > <System> > <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" > Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" /> > <EventID Qualifiers="32768">29</EventID> > <Version>0</Version> > <Level>3</Level> > <Task>0</Task> > <Opcode>0</Opcode> > <Keywords>0x80000000000000</Keywords> > <TimeCreated SystemTime="2010-02-10T00:39:03.000000000Z" /> > <EventRecordID>3205</EventRecordID> > <Correlation /> > <Execution ProcessID="0" ThreadID="0" /> > <Channel>System</Channel> > <Computer>DCITDCT01.mydomain.local</Computer> > <Security /> > </System> > <EventData> > </EventData> > </Event> > > ---------------------------------------------------------------------------------------------------------------------------------------------------------- > > I don't have any other error except DFS Replication that I maid for remote > backup. > > Did you need more details or log? Thank you for posting this info. All the errors indicate the CA is not resolvable or responding. Follow Jorge's suggestions. Also, I was curious of this part, but I didn't see it in your response: Can you connect to the CA using a browser? If you can, you can request a cert. https://dcshdct02 or http://dcshdct02 Ace
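An added example, not part of any poster's message: a Python script that reads exported Event XML like events 6 and 13 quoted above, decodes the HRESULT 0x800706ba into its Win32 code and extracts the CA the client tried to reach, grouped per client. The function names are this example's own, and the two sample events are the posted ones trimmed to the fields the script reads.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
FACILITY_WIN32 = 7
# Hand-picked subset of Win32 error names; extend for other failures.
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 1722: "RPC_S_SERVER_UNAVAILABLE"}
HRESULT_RE = re.compile(r"0x[0-9a-fA-F]{8}")
CA_CONFIG_RE = re.compile(r"^([\w.-]+)\\(.+)$")  # "host\CA name"

# Events 6 and 13 from the post, trimmed to the fields read below.
EVENT_6 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" />
    <EventID Qualifiers="16384">6</EventID>
    <Computer>DCITDCT01.mydomain.local</Computer>
  </System>
  <EventData>
    <Data Name="Context">local system</Data>
    <Data Name="ErrorCode">0x800706ba</Data>
  </EventData>
</Event>"""

EVENT_13 = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" />
    <EventID Qualifiers="49754">13</EventID>
    <Computer>DCITDCT01.mydomain.local</Computer>
  </System>
  <EventData>
    <Data Name="Context">Local system</Data>
    <Data Name="TemplateName">DomainController</Data>
    <Data Name="RequestId">DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA</Data>
    <Data Name="CA">N/A</Data>
    <Data Name="ErrorCode">The RPC server is unavailable. 0x800706ba (WIN32: 1722)</Data>
  </EventData>
</Event>"""

SAMPLE_EVENTS = [EVENT_6, EVENT_13]


def decode_hresult(value):
    """Split a 32-bit HRESULT into failure bit, facility and code."""
    value &= 0xFFFFFFFF
    return {"failed": bool(value >> 31),
            "facility": (value >> 16) & 0x7FF,
            "code": value & 0xFFFF}


def triage_event(xml_text):
    """Extract client, template, CA and decoded error from one event."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "").strip()
              for d in root.findall("e:EventData/e:Data", NS)}
    out = {
        "event_id": int(root.findtext("e:System/e:EventID", namespaces=NS)),
        "client": root.findtext("e:System/e:Computer", namespaces=NS),
        "template": fields.get("TemplateName"),
        "ca_host": None, "ca_name": None,
        "hresult": None, "win32": None, "win32_name": None,
    }
    # In the posted event 13 the CA string sits in the RequestId field and
    # "CA" holds N/A, so scan every field instead of trusting the names.
    for text in fields.values():
        m = CA_CONFIG_RE.match(text)
        if m:
            out["ca_host"], out["ca_name"] = m.group(1), m.group(2)
            break
    m = HRESULT_RE.search(fields.get("ErrorCode", ""))
    if m:
        hr = decode_hresult(int(m.group(0), 16))
        out["hresult"] = m.group(0).lower()
        if hr["failed"] and hr["facility"] == FACILITY_WIN32:
            out["win32"] = hr["code"]
            out["win32_name"] = WIN32_NAMES.get(hr["code"], "unknown")
    return out


def summarize(events):
    """Group enrollment failures per client so one broken DC stands out."""
    summary = {}
    for xml_text in events:
        ev = triage_event(xml_text)
        if ev["win32"] is None:
            continue
        entry = summary.setdefault(
            ev["client"], {"event_ids": [], "ca_hosts": set(), "errors": set()})
        entry["event_ids"].append(ev["event_id"])
        entry["errors"].add(ev["win32_name"])
        if ev["ca_host"]:
            entry["ca_hosts"].add(ev["ca_host"])
    return summary


if __name__ == "__main__":
    for client, info in summarize(SAMPLE_EVENTS).items():
        print(client, info["event_ids"],
              sorted(info["ca_hosts"]), sorted(info["errors"]))
```
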
Ops, I also miss that important part about http; https access...

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:15204AD8-4F67-4E61-A811-FF63B304EFF3@microsoft.com...

I figured that would be the easiest way to tell if it's working. :-)

Ace

> Ops, I also miss that important part about http; https access...
Hello,

To answer your question, I can access http://dcshdct02/certsrv but not https://dcshdct02/certsrv

I already tried to request a cert but I don't see any domain cert!

I see a strange behavior. If I connect to a DC with my administrator login and then try to connect to the URL http://dcshdct02/certsrv, I see the web page directly. But if I try this on dcitdct01, I need to enter my credential info! Maybe it could be the problem!

Have you any idea?
0x800706ba >>>> (WIN32: 1722)</Data> >>>> </EventData> >>>> </Event> >>>> >>>> Log Name: DCplication >>>> Source: Microsoft-Windows-CertificateServicesClient-CertEnroll >>>> Date: 10.02.2010 05:41:26 >>>> Event ID: 64 >>>> Task Category: None >>>> Level: Information >>>> Keywords: Classic >>>> User: SYSTEM >>>> Computer: DCITDCT01.mydomain.local >>>> Description: >>>> Certificate enrollment for Local system successfully load policy from >>>> policy server >>>> Event Xml: >>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> >>>> <System> >>>> <Provider >>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" >>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" >>>> EventSourceName="CertEnroll" /> >>>> <EventID Qualifiers="33370">64</EventID> >>>> <Version>0</Version> >>>> <Level>0</Level> >>>> <Task>0</Task> >>>> <Opcode>0</Opcode> >>>> <Keywords>0x80000000000000</Keywords> >>>> <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" /> >>>> <EventRecordID>2332</EventRecordID> >>>> <Correlation /> >>>> <Execution ProcessID="0" ThreadID="0" /> >>>> <Channel>DCplication</Channel> >>>> <Computer>DCITDCT01.mydomain.local</Computer> >>>> <Security UserID="S-1-5-18" /> >>>> </System> >>>> <EventData> >>>> <Data Name="Context">Local system</Data> >>>> <Data Name="ServerID"> >>>> </Data> >>>> </EventData> >>>> </Event> >>>> >>>> Log Name: DCplication >>>> Source: Microsoft-Windows-CertificateServicesClient-CertEnroll >>>> Date: 10.02.2010 05:41:26 >>>> Event ID: 65 >>>> Task Category: None >>>> Level: Information >>>> Keywords: Classic >>>> User: SYSTEM >>>> Computer: DCITDCT01.mydomain.local >>>> Description: >>>> Certificate enrollment for Local system is successfully authenticated >>>> by policy server {A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9} >>>> Event Xml: >>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> >>>> <System> >>>> <Provider >>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" >>>> 
Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" >>>> EventSourceName="CertEnroll" /> >>>> <EventID Qualifiers="33370">65</EventID> >>>> <Version>0</Version> >>>> <Level>0</Level> >>>> <Task>0</Task> >>>> <Opcode>0</Opcode> >>>> <Keywords>0x80000000000000</Keywords> >>>> <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" /> >>>> <EventRecordID>2331</EventRecordID> >>>> <Correlation /> >>>> <Execution ProcessID="0" ThreadID="0" /> >>>> <Channel>DCplication</Channel> >>>> <Computer>DCITDCT01.mydomain.local</Computer> >>>> <Security UserID="S-1-5-18" /> >>>> </System> >>>> <EventData> >>>> <Data Name="Context">Local system</Data> >>>> <Data Name="ServerURL">{A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}</Data> >>>> </EventData> >>>> </Event> >>>> >>>> Log Name: DCplication >>>> Source: SceCli >>>> Date: 10.02.2010 03:11:30 >>>> Event ID: 1704 >>>> Task Category: None >>>> Level: Information >>>> Keywords: Classic >>>> User: N/A >>>> Computer: DCITDCT01.mydomain.local >>>> Description: >>>> Security policy in the Group policy objects has been DCplied >>>> successfully. 
>>>> Event Xml: >>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> >>>> <System> >>>> <Provider Name="SceCli" /> >>>> <EventID Qualifiers="16384">1704</EventID> >>>> <Level>4</Level> >>>> <Task>0</Task> >>>> <Keywords>0x80000000000000</Keywords> >>>> <TimeCreated SystemTime="2010-02-10T02:11:30.000000000Z" /> >>>> <EventRecordID>2330</EventRecordID> >>>> <Channel>DCplication</Channel> >>>> <Computer>DCITDCT01.mydomain.local</Computer> >>>> <Security /> >>>> </System> >>>> <EventData> >>>> <Data> >>>> </Data> >>>> </EventData> >>>> </Event> >>>> >>>> --------------------------------------------------------------------------------------------------------------------------- >>>> >>>> Here are my system log error : >>>> >>>> ----------------------------------------------------------------------------------------------------------------------------- >>>> >>>> Log Name: System >>>> Source: Microsoft-Windows-Kerberos-Key-Distribution-Center >>>> Date: 10.02.2010 01:39:03 >>>> Event ID: 29 >>>> Task Category: None >>>> Level: Warning >>>> Keywords: Classic >>>> User: N/A >>>> Computer: DCITDCT01.mydomain.local >>>> Description: >>>> The Key Distribution Center (KDC) cannot find a suitable certificate to >>>> use for smart card logons, or the KDC certificate could not be >>>> verified. Smart card logon may not function correctly if this problem >>>> is not resolved. To correct this problem, either verify the existing >>>> KDC certificate using certutil.exe or enroll for a new KDC certificate. 
>>>> Event Xml: >>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> >>>> <System> >>>> <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" >>>> Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" /> >>>> <EventID Qualifiers="32768">29</EventID> >>>> <Version>0</Version> >>>> <Level>3</Level> >>>> <Task>0</Task> >>>> <Opcode>0</Opcode> >>>> <Keywords>0x80000000000000</Keywords> >>>> <TimeCreated SystemTime="2010-02-10T00:39:03.000000000Z" /> >>>> <EventRecordID>3205</EventRecordID> >>>> <Correlation /> >>>> <Execution ProcessID="0" ThreadID="0" /> >>>> <Channel>System</Channel> >>>> <Computer>DCITDCT01.mydomain.local</Computer> >>>> <Security /> >>>> </System> >>>> <EventData> >>>> </EventData> >>>> </Event> >>>> >>>> ---------------------------------------------------------------------------------------------------------------------------------------------------------- >>>> >>>> I don't have any other error except DFS Replication that I maid for >>>> remote backup. >>>> >>>> Did you need more details or log? >>> >>> >>> >>> Thank you for posting this info. All the errors indicate the CA is not >>> resolvable or responding. Follow Jorge's suggestions. >>> >>> Also, I was curious of this part, but I didn't see it in your response: >>> >>> Can you connect to the CA using a browser? If you can, you can request a >>> cert. >>> >>> https://dcshdct02 >>> or >>> http://dcshdct02 >>> >>> Ace >>> > > >
I do exactly what you say. But I have always the two errors :

First :

Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from APSHDCT02.audemarspiguet.local\audemarspiguet-APSHDCT02-CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

Second :

Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:325A4C22-8662-431E-820A-E0BC2B8D9A90@microsoft.com...
> Hold on...
> If you're going to reboot the CA...
> 1st the CA, after the CA is up, do 2 reboots with a logon between them on
> the DC.
>
> --
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
>
> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message
> news:T5idndaKfvbpQ-7WnZ2dnUVZ8vOdnZ2d@giganews.com...
>>> - Did you also test SMB from the CA to the DC?
>>
>> Yes, I do
>>
>>> - Can you ping from both sides (DC and CA) to each other?
>>
>> Yes, I can
>>
>>> - Did you already reboot the DC 2?
>>
>> I have planned to reboot my dc and the ca this night.
>>
>>
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>> news:7B115C84-012E-4397-8F34-ECAC27074558@microsoft.com...
>>> Ok,
>>> - Did you also test SMB from the CA to the DC?
>>> - Can you ping from both sides (DC and CA) to each other?
>>> - Did you already reboot the DC 2?
>>>
>>> --
>>>
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>>
>>> Jorge Silva
>>> MVP Directory Services
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>> >>> >>> >>> >>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message >>> news:05mdnTtB8_9hLe_WnZ2dnUVZ8qSdnZ2d@giganews.com... >>>> ok simple 127.0.0.1 I have delete ... I don't know why is here. >>>> >>>> 192.168.30.2 is my central site and my fist DC on my domain. >>>> >>>> I have a lot of site and this address is the ranch for my central >>>> offices. >>>> >>>> >>>> >>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message >>>> news:D574EA20-F3DB-4511-880C-944F7D1BF4A9@microsoft.com... >>>>> Ok, do that, can you also explain these 2 DNS entries: >>>>> 192.168.30.2 >>>>> 127.0.0.1 >>>>> >>>>> -- >>>>> >>>>> I hope that the information above helps you. >>>>> Have a Nice day. >>>>> >>>>> Jorge Silva >>>>> MVP Directory Services >>>>> >>>>> Please no e-mails, any questions should be posted in the NewsGroup >>>>> This posting is provided "AS IS" with no warranties, and confers no >>>>> rights. >>>>> >>>>> >>>>> >>>>> >>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message >>>>> news:df2dnTJWt_Wr-u_WnZ2dnUVZ8qGdnZ2d@giganews.com... >>>>>> Hello, >>>>>> >>>>>>> Did you test SMB from that DC? >>>>>> >>>>>> Yes, I did. I test smb connection form and to my dc. >>>>>> >>>>>>> IS that DC passing through ISA? >>>>>> >>>>>> No, we don't use ISA! >>>>>> >>>>>>>You may need to reboot the DC twice >>>>>> >>>>>> I'll try this, this night, but if I remember well I already reboot it >>>>>> more thant twice. >>>>>> >>>>>> >>>>>> Julien >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message >>>>>> news:76D3BF28-7F66-4CB0-A72A-94928CFFE8AC@microsoft.com... >>>>>>> Is the CA service started? >>>>>>> Did you test SMB from that DC? >>>>>>> IS that DC passing through ISA? IF yes, can you disable the RPC >>>>>>> filter for that rule and test again? You may need to reboot the DC >>>>>>> twice until that error goes away. >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> I hope that the information above helps you. 
>>>>>>> Have a Nice day. >>>>>>> >>>>>>> Jorge Silva >>>>>>> MVP Directory Services >>>>>>> >>>>>>> Please no e-mails, any questions should be posted in the NewsGroup >>>>>>> This posting is provided "AS IS" with no warranties, and confers no >>>>>>> rights. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message >>>>>>> news:la2dnfevwcrtdfLWnZ2dnUVZ8nydnZ2d@giganews.com... >>>>>>>> Hello, >>>>>>>> >>>>>>>> I can do a SMB connection but I don't have the certificate. >>>>>>>> >>>>>>>> Can any body help me to resolve this issue? >>>>>>>> >>>>>>>> Julien >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message >>>>>>>> news:9A0DEBC9-0F64-4EA7-9A5C-5A21FE44642E@microsoft.com... >>>>>>>>> Hi >>>>>>>>> Yes, test the connection using \\dcshdct02 >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> >>>>>>>>> I hope that the information above helps you. >>>>>>>>> Have a Nice day. >>>>>>>>> >>>>>>>>> Jorge Silva >>>>>>>>> MVP Directory Services >>>>>>>>> >>>>>>>>> Please no e-mails, any questions should be posted in the NewsGroup >>>>>>>>> This posting is provided "AS IS" with no warranties, and confers >>>>>>>>> no rights. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message >>>>>>>>> news:OoKFGa#oKHA.1548@TK2MSFTNGP02.phx.gbl... >>>>>>>>>> Hello, >>>>>>>>>> >>>>>>>>>> In fact, the computer name is dcshdct02, but if I open the >>>>>>>>>> certification authority MMC, the name of the server is : >>>>>>>>>> mydomain-DCSHDCT02-CA. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote >>>>>>>>>> in message news:#Yp$jr1oKHA.4836@TK2MSFTNGP05.phx.gbl... >>>>>>>>>>> "Julien" <jithurbide@removegmail.com> wrote in message >>>>>>>>>>> news:uOaW1izoKHA.5260@TK2MSFTNGP02.phx.gbl... 
>>>>>>>>>>>> Hello, >>>>>>>>>>>> >>>>>>>>>>>> You say : >>>>>>>>>>>> >>>>>>>>>>>>> To test do a SMB connection: "\\CAName.yourdomain.tld" from >>>>>>>>>>>>> that DC. >>>>>>>>>>>> >>>>>>>>>>>> What is the CAName ? My computer name ? like dcshdct02 ? or the >>>>>>>>>>>> name I can see on the Certification authority MMC? >>>>>>>>>>>> >>>>>>>>>>>> I can browse the CA with the comupter name \\dcshdct02 but not >>>>>>>>>>>> the name I see on the CA MMC. >>>>>>>>>>>> >>>>>>>>>>>> Julien >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> The CAName is the computer name of your CA (Certificate >>>>>>>>>>> Authority) server. >>>>>>>>>>> >>>>>>>>>>> Is dcshdct02 the name of the CA? If so, what do you mean by >>>>>>>>>>> can't browse by the name in the CA MMC console? what name is >>>>>>>>>>> that? >>>>>>>>>>> >>>>>>>>>>> Ace >>>>>>>>>>>
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:d9OdnY88GdDlnOTWnZ2dnUVZ8kmdnZ2d@giganews.com...
>
> Hello,
>
> To answer your question, I can access to http://dcshdct02/certsrv but not
> the https://dcshdct02/certsrv
>
> I already try to request a cert but I don't see any domain cert!
>
> I see a strange behavior. If I connect to the a dc with my administrator
> login then try to connect to the url : http://dcshdct02/certsrv I see
> directly the web page.
>
> But if I try this on the dcitdct01, I need to enter my credential info!
> May be it's could be the problem!
>
> Have you any idea
>

Using the URL with the NetBIOS name while logged on as Domain Admin, you should immediately get the page without logging on. This is the Windows Authentication portion doing it in IIS. Now if you are getting prompted from the other DC, then something else is going on.

But if you don't see a domain cert, and I can't remember if that is normal or not since it should automatically be enrolled using your GPO policy, it may be indicative of a CA misconfiguration when you set it up.

What article or publication did you follow to set this all up? Due to the many pieces of a CA, autoenrollment, etc, it would be quite a bit of effort to go through what steps you took to install the CA and configure the GPO, how you setup permissions on the template, and other specifics.

Maybe I can offer the following links. I hope they help.

Certificate Autoenrollment in Windows Server 2003
Supported Hardware (Certificate Autoenrollment in Windows Server 2003) ... Configuring Group Policy · User Autoenrollment · Certificate Renewal ...
http://technet.microsoft.com/en-us/library/cc778954(WS.10).aspx

Install Windows Server 2003 CA
How can I install the Certificate Authority (CA) service in Windows Server 2003? Windows Server 2003 can be used as a Certificate Authority (also known as.
http://www.petri.co.il/install_windows_server_2003_ca.htm

Installing and Configuring Windows Server 2003 Enterprise ...
Installing and Configuring Windows Server 2003 Enterprise Certification Authority. Topic Last Modified: 2005-05-19. The first step in setting up your lab is ...
http://technet.microsoft.com/en-us/library/aa998956(EXCHG.65).aspx

How can I enable digital certificate autoenrollment in Windows ... (Brief overview)
Dec 5, 2005 ... A. Autoenrollment is available to Windows 2003 and Windows XP domain ... Next you need to enable the Group Policy for the autoenrollment. ... (You can also view Failed Requests in the Certificate Authority MMC snap-in. ...
http://windowsitpro.com/article/articleid/48665/how-can-i-enable-digital-certificate-autoenrollment-in-windows-server-2003.html

Alex Tcherniakhovski - Security : Certificate auto-enrollment ...
Jul 3, 2007 .... For the most part configuring certificate auto-enrollment is a fairly .... but require CA to be running on Windows 2003 Server Enterprise Edition. .... In the GPO where the hosts reside configure the following setting ...
http://blogs.msdn.com/alextch/archive/2007/07/03/certautoenroll.aspx

Ace
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:d9OdnY88GdDlnOTWnZ2dnUVZ8kmdnZ2d@giganews.com...
>
> Hello,
>
> To answer your question, I can access to http://dcshdct02/certsrv but not
> the https://dcshdct02/certsrv
>
> I already try to request a cert but I don't see any domain cert!
>
> I see a strange behavior. If I connect to the a dc with my administrator
> login then try to connect to the url : http://dcshdct02/certsrv I see
> directly the web page.
>
> But if I try this on the dcitdct01, I need to enter my credential info!
> May be it's could be the problem!
>
> Have you any idea
>

I forgot to add, the RPC Unavailable error will be part of the issue. You said you disabled the firewall and allowed all ports, correct?

As for not being able to connect by https:// (with the 's'), that means you never created or added an SSL cert in IIS.

Ace
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:ZJ-dnXbXZ6-XmeTWnZ2dnUVZ8hudnZ2d@giganews.com...
> I do exactly what you say. But I have always the two errors :
>
> First :
>
> Certificate enrollment for Local system failed to enroll for a
> DomainController certificate with request ID N/A from
> APSHDCT02.audemarspiguet.local\audemarspiguet-APSHDCT02-CA (The RPC server
> is unavailable. 0x800706ba (WIN32: 1722)).
>
> Second :
>
> Automatic certificate enrollment for local system failed (0x800706ba) The
> RPC server is unavailable.
>
>
>

As I mentioned earlier, RPC errors such as this mean there is a communication block or DNS lookup issue. I assume DNS has the DCs listed, so I think there is a block going on elsewhere.

Ace
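Added example, not part of any post in this thread: a small Python triage helper that parses an Event ID 13 record like the one quoted earlier, decodes 0x800706ba into its Win32 code, and splits the CA config string into the host part (the name that has to resolve in DNS and accept RPC connections) and the CA's logical name (the one shown in the Certification Authority MMC). The sample event is constructed from values in the thread; the function names and hint wording are this example's own.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
FACILITY_WIN32 = 7

# Win32 codes worth telling apart during enrollment triage. The hint wording
# is this example's own, not text produced by Windows.
WIN32_HINTS = {
    5: "ERROR_ACCESS_DENIED: the CA was reached but refused the caller",
    1722: "RPC_S_SERVER_UNAVAILABLE: check DNS for the CA host and the TCP "
          "path (135 plus the dynamic RPC ports), not just one open port",
    1753: "EPT_S_NOT_REGISTERED: endpoint mapper answered, but the CA "
          "interface is not registered (is the CA service running?)",
}

# Constructed sample, modelled on the Event ID 13 record quoted in the thread.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" />
    <EventID Qualifiers="49754">13</EventID>
    <Computer>DCITDCT01.mydomain.local</Computer>
  </System>
  <EventData>
    <Data Name="Context">Local system</Data>
    <Data Name="TemplateName">DomainController</Data>
    <Data Name="RequestId">DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA</Data>
    <Data Name="CA">N/A</Data>
    <Data Name="ErrorCode">The RPC server is unavailable. 0x800706ba (WIN32: 1722)</Data>
  </EventData>
</Event>"""

HRESULT_RE = re.compile(r"0x[0-9a-fA-F]{8}")
CONFIG_RE = re.compile(r"^([A-Za-z0-9.-]+)\\(.+)$")  # host\CA logical name


def decode_hresult(value):
    """Split a 32-bit HRESULT into failure bit, facility and code."""
    value &= 0xFFFFFFFF
    return {
        "failure": bool(value >> 31),          # bit 31: severity
        "facility": (value >> 16) & 0x7FF,     # bits 16-26
        "code": value & 0xFFFF,                # bits 0-15
    }


def triage_event(xml_text):
    """Extract what to check next from one enrollment failure event."""
    root = ET.fromstring(xml_text)
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.findall("e:EventData/e:Data", NS)}
    result = {
        "event_id": int(root.findtext("e:System/e:EventID", namespaces=NS)),
        "client": root.findtext("e:System/e:Computer", namespaces=NS),
        "template": data.get("TemplateName"),
        "ca_host": None, "ca_name": None,
        "hresult": None, "win32": None, "hint": None,
    }
    # In the record quoted in the thread the config string sits in the
    # "RequestId" field while "CA" holds N/A, so scan every value instead
    # of trusting the field names.
    for text in data.values():
        config = CONFIG_RE.match(text)
        if config:
            result["ca_host"], result["ca_name"] = config.groups()
        found = HRESULT_RE.search(text)
        if found and result["hresult"] is None:
            result["hresult"] = found.group(0).lower()
            parts = decode_hresult(int(found.group(0), 16))
            if parts["failure"] and parts["facility"] == FACILITY_WIN32:
                result["win32"] = parts["code"]
                result["hint"] = WIN32_HINTS.get(parts["code"])
    return result


if __name__ == "__main__":
    for key, val in triage_event(SAMPLE_EVENT).items():
        print(f"{key:10} {val}")
```

The `ca_host` value is the name to test for DNS resolution and RPC reachability from the failing DC; the `ca_name` value is not a host name and cannot be browsed with `\\`.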
Ok, And if you add the " http://dcshdct02/certsrv" to the Local Intranet Web Sites trust on dcitdct01? -- I hope that the information above helps you. Have a Nice day. Jorge Silva MVP Directory Services Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:d9OdnY88GdDlnOTWnZ2dnUVZ8kmdnZ2d@giganews.com... > > Hello, > > To answer your question, I can access to http://dcshdct02/certsrv but not > the https://dcshdct02/certsrv > > I already try to request a cert but I don't see any domain cert! > > I see a strange behavior. If I connect to the a dc with my administrator > login then try to connect to the url : http://dcshdct02/certsrv I see > directly the web page. > > But if I try this on the dcitdct01, I need to enter my credential info! > May be it's could be the problem! > > Have you any idea > > > "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in > message news:Oy7EfaUrKHA.3344@TK2MSFTNGP06.phx.gbl... >> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message >> news:15204AD8-4F67-4E61-A811-FF63B304EFF3@microsoft.com... >> >> I figured that would be the easiest way to tell if it's working. :-) >> >> Ace >> >> >>> Ops, I also miss that important part about http; https access... >>> >>> -- >>> >>> I hope that the information above helps you. >>> Have a Nice day. >>> >>> Jorge Silva >>> MVP Directory Services >>> >>> Please no e-mails, any questions should be posted in the NewsGroup >>> This posting is provided "AS IS" with no warranties, and confers no >>> rights. >>> >>> >>> >>> >>> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in >>> message news:uq#UOF6qKHA.4604@TK2MSFTNGP05.phx.gbl... >>>> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message >>>> news:PtudnVYir6kY-O_WnZ2dnUVZ8vednZ2d@giganews.com... 
>>>>> Hello, >>>>> >>>>> >>>>> This is my ipconfig : >>>>> >>>>> ---------------------------------------------------------------------------------------------- >>>>> >>>>> ipconfig /all >>>>> >>>>> Windows IP Configuration >>>>> >>>>> Host Name . . . . . . . . . . . . : DCITDCT01 >>>>> Primary Dns Suffix . . . . . . . : mydomain.local >>>>> Node Type . . . . . . . . . . . . : Hybrid >>>>> IP Routing Enabled. . . . . . . . : No >>>>> WINS Proxy Enabled. . . . . . . . : No >>>>> DNS Suffix Search List. . . . . . : mydomain.local >>>>> >>>>> Ethernet adDCter Local Area Connection: >>>>> >>>>> Connection-specific DNS Suffix . : >>>>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network >>>>> Connection >>>>> Physical Address. . . . . . . . . : 00-0C-29-72-A4-A4 >>>>> DHCP Enabled. . . . . . . . . . . : No >>>>> Autoconfiguration Enabled . . . . : Yes >>>>> IPv4 Address. . . . . . . . . . . : 192.168.11.14(Preferred) >>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>>> Default Gateway . . . . . . . . . : 192.168.11.254 >>>>> DNS Servers . . . . . . . . . . . : 192.168.11.14 >>>>> 192.168.30.2 >>>>> 127.0.0.1 >>>>> NetBIOS over Tcpip. . . . . . . . : Enabled >>>>> >>>>> Tunnel adDCter isatDC.{6DE906DB-E4F6-45A1-A6D3-A5B10F2663BA}: >>>>> >>>>> Media State . . . . . . . . . . . : Media disconnected >>>>> Connection-specific DNS Suffix . : >>>>> Description . . . . . . . . . . . : Microsoft ISATDC AdDCter >>>>> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 >>>>> DHCP Enabled. . . . . . . . . . . : No >>>>> Autoconfiguration Enabled . . . . : Yes >>>>> >>>>> Tunnel adDCter Local Area Connection* 11: >>>>> >>>>> Media State . . . . . . . . . . . : Media disconnected >>>>> Connection-specific DNS Suffix . : >>>>> Description . . . . . . . . . . . : Teredo Tunneling >>>>> Pseudo-Interface >>>>> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 >>>>> DHCP Enabled. . . . . . . . . . . : No >>>>> Autoconfiguration Enabled . . . . 
: Yes >>>>> >>>>> ------------------------------------------------------------------------------------------------------------- >>>>> >>>>> Here are my application log error : >>>>> >>>>> ------------------------------------------------------------------------------------------------------------- >>>>> >>>>> Log Name: DCplication >>>>> Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment >>>>> Date: 10.02.2010 05:42:07 >>>>> Event ID: 6 >>>>> Task Category: None >>>>> Level: Error >>>>> Keywords: Classic >>>>> User: N/A >>>>> Computer: DCITDCT01.mydomain.local >>>>> Description: >>>>> Automatic certificate enrollment for local system failed (0x800706ba) >>>>> The RPC server is unavailable. >>>>> . >>>>> Event Xml: >>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> >>>>> <System> >>>>> <Provider >>>>> Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" >>>>> Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" >>>>> EventSourceName="AutoEnrollment" /> >>>>> <EventID Qualifiers="16384">6</EventID> >>>>> <Version>0</Version> >>>>> <Level>2</Level> >>>>> <Task>0</Task> >>>>> <Opcode>0</Opcode> >>>>> <Keywords>0x80000000000000</Keywords> >>>>> <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" /> >>>>> <EventRecordID>2334</EventRecordID> >>>>> <Correlation /> >>>>> <Execution ProcessID="0" ThreadID="0" /> >>>>> <Channel>DCplication</Channel> >>>>> <Computer>DCITDCT01.mydomain.local</Computer> >>>>> <Security /> >>>>> </System> >>>>> <EventData> >>>>> <Data Name="Context">local system</Data> >>>>> <Data Name="ErrorCode">0x800706ba</Data> >>>>> <Data Name="ErrorMsg">The RPC server is unavailable. 
>>>>> </Data> >>>>> </EventData> >>>>> </Event> >>>>> >>>>> Log Name: DCplication >>>>> Source: Microsoft-Windows-CertificateServicesClient-CertEnroll >>>>> Date: 10.02.2010 05:42:07 >>>>> Event ID: 13 >>>>> Task Category: None >>>>> Level: Error >>>>> Keywords: Classic >>>>> User: SYSTEM >>>>> Computer: DCITDCT01.mydomain.local >>>>> Description: >>>>> Certificate enrollment for Local system failed to enroll for a >>>>> DomainController certificate with request ID N/A from >>>>> DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA (The RPC server is >>>>> unavailable. 0x800706ba (WIN32: 1722)). >>>>> Event Xml: >>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> >>>>> <System> >>>>> <Provider >>>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" >>>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" >>>>> EventSourceName="CertEnroll" /> >>>>> <EventID Qualifiers="49754">13</EventID> >>>>> <Version>0</Version> >>>>> <Level>2</Level> >>>>> <Task>0</Task> >>>>> <Opcode>0</Opcode> >>>>> <Keywords>0x80000000000000</Keywords> >>>>> <TimeCreated SystemTime="2010-02-10T04:42:07.000000000Z" /> >>>>> <EventRecordID>2333</EventRecordID> >>>>> <Correlation /> >>>>> <Execution ProcessID="0" ThreadID="0" /> >>>>> <Channel>DCplication</Channel> >>>>> <Computer>DCITDCT01.mydomain.local</Computer> >>>>> <Security UserID="S-1-5-18" /> >>>>> </System> >>>>> <EventData> >>>>> <Data Name="Context">Local system</Data> >>>>> <Data Name="TemplateName">DomainController</Data> >>>>> <Data >>>>> Name="RequestId">DCSHDCT02.mydomain.local\mydomain-DCSHDCT02-CA</Data> >>>>> <Data Name="CA">N/A</Data> >>>>> <Data Name="ErrorCode">The RPC server is unavailable. 
0x800706ba >>>>> (WIN32: 1722)</Data> >>>>> </EventData> >>>>> </Event> >>>>> >>>>> Log Name: DCplication >>>>> Source: Microsoft-Windows-CertificateServicesClient-CertEnroll >>>>> Date: 10.02.2010 05:41:26 >>>>> Event ID: 64 >>>>> Task Category: None >>>>> Level: Information >>>>> Keywords: Classic >>>>> User: SYSTEM >>>>> Computer: DCITDCT01.mydomain.local >>>>> Description: >>>>> Certificate enrollment for Local system successfully load policy from >>>>> policy server >>>>> Event Xml: >>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> >>>>> <System> >>>>> <Provider >>>>> Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" >>>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" >>>>> EventSourceName="CertEnroll" /> >>>>> <EventID Qualifiers="33370">64</EventID> >>>>> <Version>0</Version> >>>>> <Level>0</Level> >>>>> <Task>0</Task> >>>>> <Opcode>0</Opcode> >>>>> <Keywords>0x80000000000000</Keywords> >>>>> <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" /> >>>>> <EventRecordID>2332</EventRecordID> >>>>> <Correlation /> >>>>> <Execution ProcessID="0" ThreadID="0" /> >>>>> <Channel>DCplication</Channel> >>>>> <Computer>DCITDCT01.mydomain.local</Computer> >>>>> <Security UserID="S-1-5-18" /> >>>>> </System> >>>>> <EventData> >>>>> <Data Name="Context">Local system</Data> >>>>> <Data Name="ServerID"> >>>>> </Data> >>>>> </EventData> >>>>> </Event> >>>>> >>>>> Log Name: DCplication >>>>> Source: Microsoft-Windows-CertificateServicesClient-CertEnroll >>>>> Date: 10.02.2010 05:41:26 >>>>> Event ID: 65 >>>>> Task Category: None >>>>> Level: Information >>>>> Keywords: Classic >>>>> User: SYSTEM >>>>> Computer: DCITDCT01.mydomain.local >>>>> Description: >>>>> Certificate enrollment for Local system is successfully authenticated >>>>> by policy server {A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9} >>>>> Event Xml: >>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> >>>>> <System> >>>>> <Provider >>>>> 
Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" >>>>> Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" >>>>> EventSourceName="CertEnroll" /> >>>>> <EventID Qualifiers="33370">65</EventID> >>>>> <Version>0</Version> >>>>> <Level>0</Level> >>>>> <Task>0</Task> >>>>> <Opcode>0</Opcode> >>>>> <Keywords>0x80000000000000</Keywords> >>>>> <TimeCreated SystemTime="2010-02-10T04:41:26.000000000Z" /> >>>>> <EventRecordID>2331</EventRecordID> >>>>> <Correlation /> >>>>> <Execution ProcessID="0" ThreadID="0" /> >>>>> <Channel>DCplication</Channel> >>>>> <Computer>DCITDCT01.mydomain.local</Computer> >>>>> <Security UserID="S-1-5-18" /> >>>>> </System> >>>>> <EventData> >>>>> <Data Name="Context">Local system</Data> >>>>> <Data >>>>> Name="ServerURL">{A1DF368B-D850-4F4E-9ACF-80ADABD8C1D9}</Data> >>>>> </EventData> >>>>> </Event> >>>>> >>>>> Log Name: DCplication >>>>> Source: SceCli >>>>> Date: 10.02.2010 03:11:30 >>>>> Event ID: 1704 >>>>> Task Category: None >>>>> Level: Information >>>>> Keywords: Classic >>>>> User: N/A >>>>> Computer: DCITDCT01.mydomain.local >>>>> Description: >>>>> Security policy in the Group policy objects has been DCplied >>>>> successfully. 
>>>>> Event Xml: >>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> >>>>> <System> >>>>> <Provider Name="SceCli" /> >>>>> <EventID Qualifiers="16384">1704</EventID> >>>>> <Level>4</Level> >>>>> <Task>0</Task> >>>>> <Keywords>0x80000000000000</Keywords> >>>>> <TimeCreated SystemTime="2010-02-10T02:11:30.000000000Z" /> >>>>> <EventRecordID>2330</EventRecordID> >>>>> <Channel>DCplication</Channel> >>>>> <Computer>DCITDCT01.mydomain.local</Computer> >>>>> <Security /> >>>>> </System> >>>>> <EventData> >>>>> <Data> >>>>> </Data> >>>>> </EventData> >>>>> </Event> >>>>> >>>>> --------------------------------------------------------------------------------------------------------------------------- >>>>> >>>>> Here are my system log error : >>>>> >>>>> ----------------------------------------------------------------------------------------------------------------------------- >>>>> >>>>> Log Name: System >>>>> Source: Microsoft-Windows-Kerberos-Key-Distribution-Center >>>>> Date: 10.02.2010 01:39:03 >>>>> Event ID: 29 >>>>> Task Category: None >>>>> Level: Warning >>>>> Keywords: Classic >>>>> User: N/A >>>>> Computer: DCITDCT01.mydomain.local >>>>> Description: >>>>> The Key Distribution Center (KDC) cannot find a suitable certificate >>>>> to use for smart card logons, or the KDC certificate could not be >>>>> verified. Smart card logon may not function correctly if this problem >>>>> is not resolved. To correct this problem, either verify the existing >>>>> KDC certificate using certutil.exe or enroll for a new KDC >>>>> certificate. 
>>>>> Event Xml:
>>>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>>>> <System>
>>>>> <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center"
>>>>> Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
>>>>> <EventID Qualifiers="32768">29</EventID>
>>>>> <Version>0</Version>
>>>>> <Level>3</Level>
>>>>> <Task>0</Task>
>>>>> <Opcode>0</Opcode>
>>>>> <Keywords>0x80000000000000</Keywords>
>>>>> <TimeCreated SystemTime="2010-02-10T00:39:03.000000000Z" />
>>>>> <EventRecordID>3205</EventRecordID>
>>>>> <Correlation />
>>>>> <Execution ProcessID="0" ThreadID="0" />
>>>>> <Channel>System</Channel>
>>>>> <Computer>DCITDCT01.mydomain.local</Computer>
>>>>> <Security />
>>>>> </System>
>>>>> <EventData>
>>>>> </EventData>
>>>>> </Event>
>>>>>
>>>>> ------------------------------------------------------------
>>>>>
>>>>> I don't have any other error except DFS Replication that I made for
>>>>> remote backup.
>>>>>
>>>>> Did you need more details or log?
>>>>
>>>> Thank you for posting this info. All the errors indicate the CA is not
>>>> resolvable or responding. Follow Jorge's suggestions.
>>>>
>>>> Also, I was curious of this part, but I didn't see it in your response:
>>>>
>>>> Can you connect to the CA using a browser? If you can, you can request
>>>> a cert.
>>>>
>>>> https://dcshdct02
>>>> or
>>>> http://dcshdct02
>>>>
>>>> Ace
I already saw this error, but the problem was related to cached credentials on the requester... Can you check that please?

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message news:uF8JbfkrKHA.728@TK2MSFTNGP04.phx.gbl...
> "Julien Ithurbide" <jithurbide@removegmail.com> wrote in message
> news:ZJ-dnXbXZ6-XmeTWnZ2dnUVZ8hudnZ2d@giganews.com...
>> I do exactly what you say. But I have always the two errors:
>>
>> First:
>>
>> Certificate enrollment for Local system failed to enroll for a
>> DomainController certificate with request ID N/A from
>> APSHDCT02.audemarspiguet.local\audemarspiguet-APSHDCT02-CA (The RPC
>> server is unavailable. 0x800706ba (WIN32: 1722)).
>>
>> Second:
>>
>> Automatic certificate enrollment for local system failed (0x800706ba) The
>> RPC server is unavailable.
>
> As I mentioned earlier, RPC errors such as this mean there is a
> communication block or DNS lookup issue. I assume DNS has the DCs listed,
> so I think there is a block going on elsewhere.
>
> Ace
"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:329CF86E-A5BE-4D40-9EF8-37687A2D1343@microsoft.com... >I already saw this error, but the problem was related with cached >credentials on the requester... Can you check that please? > Good point. I forgot. :-) Possibly run in a cmd prompt to check what credentials are stored: Control keymgr.dll However, I don't think it's in there. Maybe clear and restart IE? Ace
> However, I don't think it's in there. Maybe clear and restart IE?

In fact, I saw my user in the Credential manager! I removed it and restarted IE... without success! I always need to enter my credentials!

To be honest, I think that when I do a dcpromo like another server something goes wrong!

I'll try to demote my DC, remove my DNS server, reboot it and do a dcpromo again.

"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message news:ewho3DqrKHA.3944@TK2MSFTNGP06.phx.gbl...
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
> news:329CF86E-A5BE-4D40-9EF8-37687A2D1343@microsoft.com...
>> I already saw this error, but the problem was related to cached
>> credentials on the requester... Can you check that please?
>
> Good point. I forgot. :-)
>
> Possibly run in a cmd prompt to check what credentials are stored:
> Control keymgr.dll
>
> However, I don't think it's in there. Maybe clear and restart IE?
>
> Ace
"Julien Ithurbide" <jithurbide@removegmail.com> wrote in message news:e7ednU9Pyox9LubWnZ2dnUVZ7sudnZ2d@giganews.com... >> However, I don't think it's in there. Maybe clear and restart IE? > > In fact, I saw my user in the Credential manager! I remove it and restart > IE.... without success! I always need to enter my credential! > > To be honest, I think that when I do a dcpromo like another server > something go wrong! > > I'll try to depromate my dc, remove my dns server reboot it and do again a > dcpromo. > You've been wrestling with this for over two weeks now. Have you possibly considered calling Microsoft PSS for assistance to get this resolved? A single call and they can resolve everything associated with this issue in one ticket. Just make sure you state everything in the ticket so they all get resolved. Ace