Certificate Authority & AD


Please excuse the ignorance in this question; I'm trying to get a handle on how a CA plays into the AD structure. Is a CA necessary for domain services to run? If so, why, and what relies on it?

In the past there were 2 CAs live on our network. Now, both are shut off and neither of them have valid certificates. I am in the process of upgrading our DCs to 2008 R2. I have the first R2 server installed and running, and I'm getting 2 application errors in the event log every 8 hrs. I have included both of these errors below. Ultimately, I want these errors to go away but cannot find what is creating them.

Any help you can offer is appreciated.

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Date:          10/8/2012 7:40:41 AM
Event ID:      13
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      srv00194.lcc.ctc.edu
Description:
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from adminsrv.lcc.ctc.edu\adminsrv (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date:          10/8/2012 7:40:41 AM
Event ID:      6
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      srv00194.lcc.ctc.edu
Description:
Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.

Hi,

There must still be a policy affecting the DCs enabling auto-enrolment. The other way of stopping the enrolment is to amend the permissions on the certificate template - DomainController in the example pasted in the original message - so that Domain Controllers do not have the auto-enrol permission on the template. This can be done with the Certificate Templates MMC (certtmpl.msc) or Enterprise PKI in Server Manager. You may need to install the relevant admin tools to see this.

steve g
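A read-only way to check the two causes named in the answer above (an auto-enrolment policy still applying to the DC, and the Autoenroll permission on the DomainController template), added here as an example that is not part of the original thread. It also lists the CAs still published in AD, which goes slightly beyond the answer; it assumes the default AD CS container layout and an account that can read the Configuration partition.

```powershell
# Added example: every step only reads; nothing is changed.
# Run on the domain controller that logs events 13 and 6.

# 1. Is auto-enrolment configured by policy for the computer?
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
$ae  = Get-ItemProperty -Path $key -Name AEPolicy -ErrorAction SilentlyContinue
if ($null -eq $ae) {
    'AEPolicy: no policy value present'
} elseif ($ae.AEPolicy -band 0x8000) {
    'AEPolicy: 0x{0:X} (auto-enrolment disabled by policy)' -f $ae.AEPolicy
} else {
    'AEPolicy: 0x{0:X} (auto-enrolment enabled by policy)' -f $ae.AEPolicy
}

# 2. Who holds Autoenroll on the DomainController template?
$cfg  = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$pki  = "CN=Public Key Services,CN=Services,$cfg"
$tmpl = [ADSI]"LDAP://CN=DomainController,CN=Certificate Templates,$pki"

# Certificate-AutoEnrollment extended right; an empty GUID means "all extended rights".
$autoEnroll = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'
$extended   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$tmpl.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount]) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $extended) -and
        ($_.ObjectType -eq $autoEnroll -or $_.ObjectType -eq [guid]::Empty)
    } |
    ForEach-Object { 'Autoenroll allowed for: {0}' -f $_.IdentityReference }

# 3. Which CAs are still published to clients? (goes beyond the answer above)
$services = [ADSI]"LDAP://CN=Enrollment Services,$pki"
foreach ($ca in $services.psbase.Children) {
    'Published CA: {0}\{1}' -f [string]$ca.dNSHostName, [string]$ca.cn
}
```

If step 2 lists Domain Controllers, that is the permission the answer suggests removing in certtmpl.msc.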


