I have two DCs: one is a Windows Server 2003 (certificate server), the other is Windows Server 2008 R2. The Windows Server 2008 R2 has the following events in the event viewer.
Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Event ID: 6
Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.
And
Source: Microsoft-Windows-CertificateServicesClient-CertEnroll
Event ID: 13
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from 2003DCinternal.domain.com\DOMAIN-Root-CA.domain.com (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
I've read a few things over the internet:
Certificate enrollment for Local system failed to enroll Event ID:13
Seems to indicate that I should check if I already have a certificate installed. I open the Certificates MMC Snap-in on the 2008 R2 server having the errors and go to Personal > Certificates. From there I see a certificate for localhost issued by localhost (could that indicate a part of my problem?).
I've also seen other stuff indicating that 2003 servers cannot generate the correct certificates for 2003 or Windows 7 computers.
Other than that, Google doesn't really have anything that solidly explains what the issue is.
Could someone help me understand how to troubleshoot this?
You might find the following link useful as a troubleshooting reference http://blogs.technet.com/b/askds/archive/2007/11/06/how-to-troubleshoot-certificate-enrollment-in-the-mmc-certificate-snap-in.aspx .
Incidentally, the self signed cert issued by localhost is not the problem.
Personally, I'd take a network trace from the 2008 R2 DC while manually trying to enrol for a cert using the MMC from the 2008R2 DC and see how far you get.
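
A quick reachability check to run on the 2008 R2 DC alongside the network trace, as an added example that is not part of the original answer. It assumes the CA config string shown in Event ID 13 and PowerShell 2.0 (the 2008 R2 default); `Test-TcpPort` is a hypothetical helper name, while `certutil -config ... -ping` is the standard check of the CA's request interface.

```powershell
# Added example: narrow down "The RPC server is unavailable" (0x800706ba) for enrollment.
# CA config string copied from Event ID 13 on this page; replace with your own.
$CaConfig = '2003DCinternal.domain.com\DOMAIN-Root-CA.domain.com'
$CaHost   = $CaConfig.Split('\')[0]

# Hypothetical helper: TCP connect with a timeout (no Test-NetConnection on 2008 R2).
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Step 1: does the CA host name from the event resolve at all?
try {
    $addresses = [System.Net.Dns]::GetHostAddresses($CaHost)
    Write-Host "DNS: $CaHost resolves to $($addresses -join ', ')"
} catch {
    Write-Host "DNS: cannot resolve $CaHost; fix name resolution first"
    return
}

# Step 2: is the RPC endpoint mapper (TCP 135) reachable?
if (Test-TcpPort -ComputerName $CaHost -Port 135) {
    Write-Host "RPC: TCP 135 on $CaHost is reachable"
} else {
    Write-Host "RPC: TCP 135 on $CaHost is blocked or not listening"
}

# Step 3: exercise the full path to the CA's certificate request interface.
# This also needs the dynamic RPC port the endpoint mapper hands out.
& certutil.exe -config $CaConfig -ping
if ($LASTEXITCODE -eq 0) {
    Write-Host "CA: request interface answered; look at templates and permissions next"
} else {
    Write-Host ("CA: certutil -ping failed with 0x{0:X8}" -f $LASTEXITCODE)
}
```

If step 2 succeeds but step 3 fails with the same 0x800706ba, the trace will usually show the connection to the dynamically assigned RPC port being dropped, which points at a firewall between the two DCs rather than at the certificate itself.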