"Active Directory Certificate Services denied request 7054 because DNS name does not exist. 0x800725f2 (WIN32: 9714). The request was for DOMAIN\COMPUTER$. Additional information: Denied by Policy Module"
I would appreciate some help here. I have already searched the forums but found no exact match. We have been issuing computer certificates for about a year with our 2K8r2 Enterprise CA successfully. As far as I know, the only thing that matches this behaviour is that we have migrated our win7 clients from a child domain into the primary domain. The child domain had full trust and the DNS suffix on the clients is correct after the migration; they even got certificates renewed matching the correct domain when the migration occurred. This problem happened a couple of days ago, when a renew process started.
Template settings:
Further info:
Manual request does not work either.
I can request from templates with Common name as subject. (Wireless TLS does not work for me this way.)
If I look at the computer object, dNSHostName is correct.
We have added a third DC running Server 2012.
Audit log:
"Certificate Services denied a certificate request.
Request ID:7118
Requester:<Domain\COMPUTER$>
Attributes:
cdc:<dc.domain.com>
rmd:<COMPUTER>
ccm:<COMPUTER>
Disposition: -2147015182
SKI:4f e5 d6 93 8c 1e 70 17 84 38 cb 52 1x e3 d6 2c e5 3x f0 0d
Subject:"
-- Domain Computers have enroll and autoenroll rights.
I haven't seen anything strange in our DNS servers.
I hope this confuses you a bit less. Looking forward to some answers.