Our domain had 2, 2003 DCs. We recently added a 2008 DC, then demoted 1 of the 2003 DCs in preparation for removal. This happened to be the first DC in the forest. Since then, all the remaining 2003 DCs in the forest (3 domains) are showing Event ID: 13 several times a day. We have not installed a CA.
Event ID:13 Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
Additionally, I have noticed a number of WINS records for servers and hosts becoming tombstoned when they should not be. I'm wondering if this is related.
I already googled and tried DCOM settings. They already look good. Appreciate any tips.... Thanks, MIKE
Domain Controllers should not attempt to request a Domain Controller certificate automatically if there is no Enterprise CA installed in the environment. A possible cause could be that an Enterprise CA was at some point installed accidentally. To verify it, please run the following command on a Domain Controller in the forest root domain: