Every 8 hours my Windows 2003 Domain Controllers attempt to Auto Enroll certificates and I get the below two entries in the Application Logs:
Type: Warning
Source: AutoEnrollment
Event ID: 17
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate from certificate authority CA.domain.com on Server (0x80070057). The parameter is incorrect.
Another certificate authority will be contacted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
AND
Type: Error
Source: AutoEnrollment
Event ID: 13
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070057). The parameter is incorrect.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I’ve tried adding the Domain Controllers group to Certsvc Service Dcom Access.
I’ve also noticed that there is a CA listed in AD that’s been decommissioned with a self-signed root certificate that is now expired.
I am far from an expert with CAs so any advice is welcome.