Hello,
We have set up a Windows 2008 R2 cluster ADCS Enterprise CA. A scheduled batch creates a backup of the CA database. To test the recovery procedure we rebuilt the cluster, and during the installation of ADCS we used the .pfx file of the Enterprise CA and restored the CA database. Although we can submit CSRs through the web enrollment interface successfully, all auto-enrollment of computer certificates fails. The client shows in the Event Viewer that the RPC service of the CA is not available. But we can successfully execute the commands certutil -ping and certutil -pingadmin remotely to see that the RPC interfaces of the CA are alive. We even turned the Windows internal firewall off to check if that is the problem. We made a network trace on the CA to see what is going on during auto-enrollment. The restored CA successfully sets up RPC communication but then responds with a nca_s_fault_access_denied to the client, and after that the communication is gracefully ended. It looks like some permissions need to be set, but we checked them several times to no avail.
Hope that someone has a clue.
Thanks in advance.
Rens