
Event ID 13 enrolling DC Cert


I recently migrated our network from 2 W2003 DCs to 2 W2008 DCs; these are new servers, not in-place upgrades. I installed AD CA on one of the DCs, and have since also installed it on the second DC. The second DC is repeatedly recording Event ID 13: "Certificate enrollment for Local system failed to enroll for a DomainController certificate from servername.goexpress.com\goexpress-servername-CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722))"

When I try to manually enroll, it also fails, stating the RPC server is unavailable. RPC Service is started on both CAs and I added the following groups to the Built In/Certificate Service DCOM group in AD (it was previously empty):

Authenticated Users, Domain Computers, Domain Controllers, Domain Users, Everyone

I checked the security permissions on the Domain Controller certificate, they are:

Authenticated Users - Read/Write/Enroll

Domain Admin, Domain Controllers, Enterprise Admin, Enterprise DC all have Full Control. 

Under 'Failed Requests' in the Certification Authority, it shows entries with "The requested certificate template is not supported by this CA 0x80094800 (-2146875392)" under the status code. The disposition message reads "Denied by Policy Module".

Does anyone know how to fix this?  I thought that adding the affected DC as a CA would resolve the issue, but that is not the case.  I also tried duplicating the DC certificate template but the same error occurs if I try to request or install that as well. 

