Problems occur when the Autoenrollment feature cannot reach an Active Directory domain controller (310461)
The information in this article applies to:
- Microsoft Windows Server 2003, Datacenter Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows XP Professional
- Microsoft Windows Small Business Server 2003, Premium Edition
- Microsoft Windows Small Business Server 2003, Standard Edition
This article was previously published under Q310461

SYMPTOMS

The following Event ID 15 error message entries are logged at 8-hour intervals in the application event log:

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: date
Time: time
User: N/A
Computer: computer name
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

CAUSE

This problem may occur if the Autoenrollment feature cannot reach an Active Directory domain controller. In a Microsoft Windows NT 4.0 domain, Active Directory is not available. Therefore, the Autoenrollment feature cannot work. In an Active Directory domain that has Microsoft Windows 2000 or later domain controllers, the problem may be caused by a DNS name resolution issue or by a network connectivity issue.

RESOLUTION

For a Microsoft Windows XP-based computer or a Microsoft Windows Server 2003-based computer that is joined to a Windows NT 4.0 domain, to turn off the Autoenrollment feature in the Local Group Policy, follow these steps on the local workstation:
1. Click Start, click Run, type gpedit.msc, and then press ENTER.
2. In the left pane, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
3. Double-click Autoenrollment Settings.
4. Click Do not enroll certificates automatically.
5. Click OK.
6. Repeat steps 2 through 5, but in step 2, expand User Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
7. Close the Group Policy window.

For a computer that is a member of a Windows 2000 or later Active Directory domain, make sure that the domain member has network connectivity with at least one domain controller. After you have determined that you have good Internet Protocol (IP) connectivity between the member and a domain controller, correct the DNS address in the IP properties of the workstation. To do this, follow these steps:

1. Start the Network Connections tool in Control Panel.
2. Right-click Local Area Connection, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. Type the correct DNS address in the Preferred DNS server box.
5. Click OK.
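
To find which computers still log the error described under SYMPTOMS, the following added example (not part of the original article or any Microsoft tool) parses a text export of event records, decodes the HRESULT 0x8007054b into its Win32 facility and error code, and checks for the 8-hour repeat. The export layout, host names, timestamps and function names are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

ERROR_NO_SUCH_DOMAIN = 1355  # Win32 error 0x54B, the low word of 0x8007054b
FACILITY_WIN32 = 7           # HRESULT facility used for wrapped Win32 errors

# Constructed sample export (hypothetical hosts and times), blank line between records.
SAMPLE = """\
Event Source: AutoEnrollment Event ID: 15 Date: 2004-05-24 Time: 01:12:40 Computer: WKS-EXAMPLE-01
Description: Automatic certificate enrollment failed to contact the active directory (0x8007054b).

Event Source: AutoEnrollment Event ID: 15 Date: 2004-05-24 Time: 09:12:41 Computer: WKS-EXAMPLE-01
Description: Automatic certificate enrollment failed to contact the active directory (0x8007054b).

Event Source: Userenv Event ID: 1000 Date: 2004-05-24 Time: 09:30:00 Computer: WKS-EXAMPLE-02
Description: Unrelated constructed record (0x80070005).
"""

FIELD = re.compile(r"(Event Source|Event ID|Date|Time|Computer):\s*(\S+)")
HRESULT = re.compile(r"\((0x[0-9a-fA-F]{8})\)")

def decode_hresult(value):
    """Split an HRESULT into (is_failure, facility, win32_code)."""
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF

def parse_events(text):
    """Parse records into dicts with a timestamp and the HRESULT from the description."""
    events = []
    for block in text.strip().split("\n\n"):
        ev, code = dict(FIELD.findall(block)), HRESULT.search(block)
        if code and {"Event Source", "Event ID", "Date", "Time", "Computer"} <= ev.keys():
            ev["when"] = datetime.strptime(f"{ev['Date']} {ev['Time']}", "%Y-%m-%d %H:%M:%S")
            ev["hresult"] = int(code.group(1), 16)
            events.append(ev)
    return events

def dc_unreachable(events):
    """Map computer -> times of AutoEnrollment Event ID 15 carrying ERROR_NO_SUCH_DOMAIN."""
    hits = {}
    for ev in events:
        is_event_15 = (ev["Event Source"], ev["Event ID"]) == ("AutoEnrollment", "15")
        if is_event_15 and decode_hresult(ev["hresult"]) == (True, FACILITY_WIN32, ERROR_NO_SUCH_DOMAIN):
            hits.setdefault(ev["Computer"], []).append(ev["when"])
    return hits

def repeats_every_8_hours(times, slack=timedelta(minutes=5)):
    """True if consecutive events are about 8 hours apart, the interval the article reports."""
    gaps = [b - a for a, b in zip(sorted(times), sorted(times)[1:])]
    return bool(gaps) and all(abs(g - timedelta(hours=8)) <= slack for g in gaps)
```

A computer that drops out of the `dc_unreachable` result after the DNS address is corrected, or after autoenrollment is turned off in an NT 4.0 domain, no longer logs the error.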

Modification Type: Major
Last Reviewed: 5/26/2004
Keywords: kbEvent kberrmsg kbprb KB310461