Cannot request a new certificate: Access is denied (2008 R2)

When trying to request a new DomainControllerAuthentication certificate from the DC we have designated as the CA, we keep getting an "Access is denied" error.

The following events are generated in Event Viewer:

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          20/02/2013 2:54:32 PM
Event ID:      13
Task Category: None
Level:         Error
Keywords:      Classic
User:          CONSOTO\adadmin
Computer:      vmsrvdc-40.consoto.com
Description:
Certificate enrollment for Local system failed to enroll for a DomainControllerAuthentication certificate with request ID N/A from vmsrvdc-40.consoto.com\consoto-VMSRVDC-40-CA (Access is denied. 0x80070005 (WIN32: 5)).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" />
    <EventID Qualifiers="49754">13</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-20T19:54:32.000000000Z" />
    <EventRecordID>5750</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>vmsrvdc-40.consoto.com</Computer>
    <Security UserID="S-1-5-21-1518945024-1460817392-709122288-5797" />
  </System>
  <EventData>
    <Data Name="Context">Local system</Data>
    <Data Name="TemplateName">DomainControllerAuthentication</Data>
    <Data Name="RequestId">vmsrvdc-40.consoto.com\consoto-VMSRVDC-40-CA</Data>
    <Data Name="CA">N/A</Data>
    <Data Name="ErrorCode">Access is denied. 0x80070005 (WIN32: 5)</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          20/02/2013 2:54:29 PM
Event ID:      64
Task Category: None
Level:         Information
Keywords:      Classic
User:          CONSOTO\adadmin
Computer:      vmsrvdc-40.consoto.com
Description:
Certificate enrollment for Local system successfully load policy from policy server {C1BA95CA-8DD5-4350-B81C-BE7BB80AD305}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" />
    <EventID Qualifiers="33370">64</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-20T19:54:29.000000000Z" />
    <EventRecordID>5749</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>vmsrvdc-40.consoto.com</Computer>
    <Security UserID="S-1-5-21-1518945024-1460817392-709122288-5797" />
  </System>
  <EventData>
    <Data Name="Context">Local system</Data>
    <Data Name="ServerID">{C1BA95CA-8DD5-4350-B81C-BE7BB80AD305}</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          20/02/2013 2:54:29 PM
Event ID:      65
Task Category: None
Level:         Information
Keywords:      Classic
User:          CONSOTO\adadmin
Computer:      vmsrvdc-40.consoto.com
Description:
Certificate enrollment for Local system is successfully authenticated by policy server {C1BA95CA-8DD5-4350-B81C-BE7BB80AD305}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" />
    <EventID Qualifiers="33370">65</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-20T19:54:29.000000000Z" />
    <EventRecordID>5748</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>vmsrvdc-40.consoto.com</Computer>
    <Security UserID="S-1-5-21-1518945024-1460817392-709122288-5797" />
  </System>
  <EventData>
    <Data Name="Context">Local system</Data>
    <Data Name="ServerURL">{C1BA95CA-8DD5-4350-B81C-BE7BB80AD305}</Data>
  </EventData>
</Event>

So far we have:

  • Validated the membership of the Certificate Service DCOM Access group to ensure the appropriate DCs and users have been added to it.
  • Validated the permissions on the CA and on the template to ensure the users and DCs requesting a new certificate have the appropriate permissions to create a new certificate based on that template.
  • Ensured nothing in the tree is left over from an old, orphaned DC that held the CA role.

However, these steps have not allowed us to request a new certificate…
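The Event ID 13 entry above says "Certificate enrollment for Local system", so the principal the CA is evaluating is the DC's own computer account, not the CONSOTO\adadmin session that launched the request; and "request ID N/A" means the CA refused the request before it ever entered the CA database, which points at the DCOM/request layer and the template's Enroll right rather than at issuance policy. The following PowerShell script is an added example that is not part of the original question or of any Microsoft tooling; it checks exactly the things the question lists (DCOM Access group membership, CA reachability, the template ACL in the Configuration partition, and whether the template is published on the CA) against the machine account. It assumes it is run elevated on the failing DC with the ActiveDirectory RSAT module available, and it reuses the CA config string and template name from the event log; the Certificate-Enrollment extended-right GUID is the well-known schema value for that right.

```powershell
# Added troubleshooting script (not from the original question or from Microsoft).
# Assumptions: run elevated on the DC that failed to enroll; ActiveDirectory RSAT
# module present; CA config string and template name taken from Event ID 13 above.

Import-Module ActiveDirectory

$CaConfig = 'vmsrvdc-40.consoto.com\consoto-VMSRVDC-40-CA'   # from Event ID 13
$CaName   = 'consoto-VMSRVDC-40-CA'                          # CA common name, from the config string
$Template = 'DomainControllerAuthentication'                 # from Event ID 13
$Computer = $env:COMPUTERNAME + '$'                          # machine account, the real requester

# 1. Can this machine reach the CA's DCOM request interface at all?
#    A denial here happens before any template logic runs.
certutil -config $CaConfig -ping

# 2. Membership of the group that gates DCOM access to the CA (already checked by the
#    asker); confirm the DC's machine account resolves in it, not just the admin user.
$dcomMembers = Get-ADGroupMember -Identity 'Certificate Service DCOM Access' -Recursive |
               Select-Object -ExpandProperty SamAccountName
"Certificate Service DCOM Access contains ${Computer}: " + ($dcomMembers -contains $Computer)

# 3. Template ACL from the Configuration partition: which principals hold the
#    Certificate-Enrollment extended right (GUID 0e10c968-78fb-11d2-90d4-00c04f79dc55).
$cfgDn = (Get-ADRootDSE).configurationNamingContext
$tplDn = "CN=$Template,CN=Certificate Templates,CN=Public Key Services,CN=Services,$cfgDn"
$acl   = Get-Acl -Path ("AD:\" + $tplDn)
$enrollAces = $acl.Access | Where-Object {
    $_.ObjectType -eq '0e10c968-78fb-11d2-90d4-00c04f79dc55'
}
"ACEs carrying the Enroll right on ${Template}:"
$enrollAces | Select-Object IdentityReference, AccessControlType | Format-Table -AutoSize
# Note: a Deny ACE for a group the machine account belongs to overrides any Allow.

# 4. Is the template published on this CA? The Enrollment Services object lists
#    every template the CA will serve in its certificateTemplates attribute.
$caDn = "CN=$CaName,CN=Enrollment Services,CN=Public Key Services,CN=Services,$cfgDn"
$published = (Get-ADObject -Identity $caDn -Properties certificateTemplates).certificateTemplates
"Template published on ${CaName}: " + ($published -contains $Template)

# 5. Retry the enrollment as the machine so the CA logs a fresh attempt to correlate
#    with the CertEnroll events on this DC.
certreq -enroll -machine $Template
```

Step 3 is the one most often misread: the Enroll right must be granted to a group the DC's computer account is in (the template's defaults cover the domain-controller groups), and an Allow for an administrative user account does nothing for "Local system" enrollment. If steps 1 and 2 pass and step 3 shows the right principals, look next at the CA's own security tab (Request Certificates) and at the CA's Windows Application log, where a DCOM or CA-side denial is recorded separately from the client-side Event ID 13.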