|Applies To||Microsoft Windows Server 2003 SP1|
Microsoft Active Directory 2003
RSA ClearTrust 5.5.3
|Issue||How to install domain controller certificate for Microsoft Active Directory SSL LDAP binds on Microsoft Windows Server 2003 SP1|
RSA ClearTrust AServer shows the following error on start-up:
"sirrus.da.exeption.DataStoreException: [Cannot connect to the LDAP server]"
RSA ClearTrust AServer shows the following error on start-up in DEBUG mode:
"SSLHandshakeException: Remote host closed connection during handshake"
Microsoft Windows Server 2003 Application Event Viewer shows the following error:
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Time: 3:04:21 AM
Automatic certificate enrollment for local system failed to enroll for one Domain Controller Authentication certificate (0x80070005). Access is denied.
Unable to install Microsoft Windows Domain Controller certificate for LDAP SSL binds
|Cause||Microsoft Windows Server 2003 SP1 restricts DCOM access to Certificate Services to objects that are members of the CERTSVC_DCOM_ACCESS group. By default, domain controllers may not be in this group, so auto-enrollment for the domain controller certificate fails with "Access is denied" and the LDAP SSL bind cannot complete.|
|Resolution||To correct this issue, add the domain controller to the CERTSVC_DCOM_ACCESS group, then restart the domain controller so that it can auto-enroll for a domain controller certificate.|
See the following article for more information:
|Workaround||Applied or installed Microsoft Windows Server 2003 SP1|
|Legacy Article ID||a29383|
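To confirm the resolution took effect after the restart, the LDAPS listener can be probed directly instead of waiting for the next AServer start-up. The following is an added example, not part of the original article or of RSA ClearTrust: it attempts a TLS handshake on port 636 and separates "peer closed the connection during the handshake" (the symptom above) from other failures. The function name `check_ldaps` and the host name `dc01.example.test` are assumptions made for illustration.

```python
import socket
import ssl


def check_ldaps(host, port=636, timeout=5.0):
    """Try a TLS handshake with an LDAPS listener and classify the result.

    status values:
      ok               handshake completed, server presented a certificate
      handshake_closed TCP connected, then the peer dropped the connection
                       mid-handshake (the symptom AServer logs in DEBUG mode)
      tls_error        handshake failed for another reason (protocol, timeout)
      unreachable      the TCP connection itself failed
    """
    # Certificate validation is deliberately off: this probe only answers
    # "does the DC present any certificate?". Trust checks stay in the LDAP client.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"status": "unreachable", "detail": str(exc)}
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return {"status": "ok", "protocol": tls.version(),
                    "cert_der_bytes": len(der or b"")}
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        dropped = (isinstance(exc, (ssl.SSLEOFError, ConnectionError))
                   or "EOF" in str(exc).upper())
        return {"status": "handshake_closed" if dropped else "tls_error",
                "detail": str(exc)}
    finally:
        raw.close()  # no-op once wrap_socket has taken over the descriptor


if __name__ == "__main__":
    # dc01.example.test is a placeholder host name, not taken from the article.
    print(check_ldaps("dc01.example.test"))
```

Windows Server 2003 offers at most TLS 1.0, which a current Python/OpenSSL build may refuse by default; that case is reported as `tls_error`, so run the probe from a client whose TLS stack still accepts the domain controller's protocol versions.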