000022590 - How to install domain controller certificate for Microsoft Active Directory SSL LDAP binds on Microsoft Windows Server 2003 SP1

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000022590
Applies To: Microsoft Windows Server 2003 SP1; Microsoft Active Directory 2003; RSA ClearTrust 5.5.3
Issue: How to install domain controller certificate for Microsoft Active Directory SSL LDAP binds on Microsoft Windows Server 2003 SP1
RSA ClearTrust AServer shows the following error on start-up:

"sirrus.da.exeption.DataStoreException: [Cannot connect to the LDAP server]"
RSA ClearTrust AServer shows the following error on start-up in DEBUG mode:

"SSLHandshakeException: Remote host closed connection during handshake"

Microsoft Windows Server 2003 Application Event Viewer shows the following error:

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Date: 9/10/2005
Time: 3:04:21 AM
User: N/A
Computer: HQ-SRV02
Description:
Automatic certificate enrollment for local system failed to enroll for one Domain Controller Authentication certificate (0x80070005). Access is denied.

Unable to install the Microsoft Windows Domain Controller certificate needed for LDAP SSL binds.
Cause: Microsoft Windows Server 2003 SP1 restricts DCOM access to Certificate Services to members of the CERTSVC_DCOM_ACCESS group, and by default domain controllers may not be members of this group. Auto-enrollment therefore fails with "Access is denied" (Event ID 13 above), so the domain controller has no certificate to present for SSL LDAP binds and the ClearTrust AServer handshake fails.
Resolution: To correct this issue, add the domain controller's computer account to the CERTSVC_DCOM_ACCESS group, then restart the domain controller so that it can auto-enroll for a Domain Controller Authentication certificate.

See the following article for more information:

http://support.microsoft.com/default.aspx/kb/889101
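The following PowerShell script is an added example (not part of the RSA article or of Microsoft's KB) that reports which domain controller accounts are missing from CERTSVC_DCOM_ACCESS, adds them when run with -Fix, and then checks whether an SSL LDAP bind on port 636 succeeds. It uses plain ADSI/LDAP rather than the ActiveDirectory module so it can be run from an admin workstation against a 2003-era domain; it assumes the CA is installed on a domain controller (so CERTSVC_DCOM_ACCESS is a domain local group in AD) and that the caller has rights to modify group membership.

```powershell
# Added example (not from the RSA article): audit/fix CERTSVC_DCOM_ACCESS membership for DCs,
# then verify an SSL LDAP bind. Assumes CERTSVC_DCOM_ACCESS is a domain local group in AD.
param(
    [switch]$Fix,                           # add missing DCs; default is report-only
    [string]$LdapsHost = $env:COMPUTERNAME  # DC to test a port-636 bind against after restart
)

$root   = [ADSI]"LDAP://RootDSE"
$domain = [ADSI]("LDAP://" + $root.defaultNamingContext)
$searcher = New-Object System.DirectoryServices.DirectorySearcher($domain)

# Locate the group and read its current member DNs (empty array when the group is empty).
$searcher.Filter = "(&(objectClass=group)(sAMAccountName=CERTSVC_DCOM_ACCESS))"
$groupResult = $searcher.FindOne()
if (-not $groupResult) { throw "CERTSVC_DCOM_ACCESS group not found in the domain" }
$group   = $groupResult.GetDirectoryEntry()
$members = @($group.member)

# userAccountControl bit 0x2000 (SERVER_TRUST_ACCOUNT = 8192) marks domain controller accounts;
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
$searcher.Filter = "(&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))"
$dcs = $searcher.FindAll()

foreach ($dc in $dcs) {
    $dn = $dc.Properties["distinguishedname"][0]
    if ($members -contains $dn) {
        Write-Host "OK      $dn is already in CERTSVC_DCOM_ACCESS"
    } elseif ($Fix) {
        $group.Properties["member"].Add($dn) | Out-Null
        $group.CommitChanges()
        Write-Host "ADDED   $dn (restart this DC so it can auto-enroll)"
    } else {
        Write-Host "MISSING $dn (rerun with -Fix, then restart the DC)"
    }
}

# After the DC restarts and auto-enrolls, an SSL LDAP bind on 636 is the same check
# ClearTrust performs at start-up; a failure here reproduces the SSLHandshakeException.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection("${LdapsHost}:636")
$conn.SessionOptions.SecureSocketLayer = $true
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
try   { $conn.Bind(); Write-Host "LDAPS bind to $LdapsHost succeeded" }
catch { Write-Host "LDAPS bind to $LdapsHost failed: $($_.Exception.Message)" }
```

Run it once without -Fix to see the current state, then with -Fix; the LDAPS bind check is only meaningful after the domain controller has been restarted and has auto-enrolled.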
Workaround: Applied or installed Microsoft Windows Server 2003 SP1
Legacy Article ID: a29383
