EventID's 70, 68, 67, 6 - CertificateServicesClient-CertEnroll


Since upgrading a Windows Server 2003 certificate server to a 2012 R2 AD CS server, I have seen a few anomalies. It started on desktops, but I have seen it on servers also. It is a series of errors in the Application log:

70 - Certificate enrollment for Local system failed because no valid policy can be obtained from the policy servers with id {dffa2e01-d71f-4a3f-8414-2d5ab6eea4b4}

68 - Certificate enrollment for Local system failed in authentication to policy servers with id {dffa2e01-d71f-4a3f-8414-2d5ab6eea4b4} (A specified logon session does not exist. It may have been terminated. 0x80070520 (win32: 1312))

67 - Certificate enrollment for Local system failed to load policy from policy servers with id  A specified logon session does not exist. It may have been terminated. 0x80070520 (win32: 1312) ()

6 - Automatic certificate enrollment for Local system failed (0x80070520) A specified logon session does not exist. It may have been terminated.

It is followed by a Kerberos Security-Kerberos error 4 in the System log of the host. At that point it is impossible to log in to the server with a domain account. The resolution is to reboot the system, and I have been fortunate enough so far to have had it happen off hours on servers.

During research, there have been indications that this is related to time sync issues, but I have found no evidence of this. I won't rule it out completely, but the servers are virtualized and synced to the host, so if one is off, I would expect the host to be off along with the other servers.

I am curious what it is referencing with "policy servers id {dffa2e01-d71f-4a3f-8414-2d5ab6eea4b4}"? I have searched the registry and ADSI Edit with no luck finding the GUID. If it refers to the old server, where is this information stored on the new server?

I hope to figure this out before a critical server experiences the issue during business hours.


