DCOM trace logging
hello,
i have problem ad cs on strictly secured computer. certsrv service running , no errors seen in event logs. ca console working fine, certificate templates console ok. problem clients cannot enroll certificates on dcom interface rpc server unavailable. ca using static port configured in component services. until recent security hardening worked fine. have changed group memberships. i troubleshoot myself.
it seems dcom cannot start interface enrollment.
i see detailed tracing log of dcom events might me troubleshoot. how enable generic dcom logging? or how enable ad cs detailed tracing?
thank you.
ondrej.
actually, reason ca dcom interface not starting first enrollee accesses tries enroll not member of users group on ca computer. although user member of ca dcom access group, needs member of users well. why? how trace dcom operation.
another observation when dcom interface running, user can make withouth being users member, way assume should work alwyas.
ondrej.
Windows Server > Security
Comments
Post a Comment