More on certificate services

Found a thread on experts-exchange. Someone was getting very similar errors and resolved the issue thusly.
C:\>certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG
I double-checked the eventlog, and looked at the recommended resources, which included:
http://support.microsoft.com/kb/903220/en-us
I verified that the campus DCs are members of CERTSVC_DCOM_ACCESS group. In the AD domain, I had added the domain controllers directly, and I vaguely remember that the Campus\Domain Controllers group seemd not to work. But I added that group into the DCOM_ACCESS group, just for good measure.
When I checked that group in the Campus domain, I saw that the domain controllers are NOT members of CERTSVC_DCOM_ACCESS. I have added that group, and now will reboot CDC02.
Huzzah! Autoenrollment succeeds on reboot.

Leave a Reply