|
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
|
|
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
http://support.microsoft.com/kb/903220
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Date: date
Time: time
User: N/A
Computer: computer_name
Description: Automatic certificate enrollment for local system failed to enroll for one Workstation Authentication certificate (0x80070005). Access is denied. For more information, see Help and Support Center at http://support.microsoft.com.
Note If these errors occur on a domain controller, then add the Domain Controllers group to the CERTSVC_DCOM_ACCESS group. Domain controllers are not members of the Domain Computers global group and will not have sufficient DCOM permissions by default.
If you change the group membership to include the Domain Controllers group, you must restart the domain controller to reflect the change.
|
|
|
Exchange 2007 setting up external forward for a user
|
http://technet.microsoft.com/en-us/library/bb124237.aspx
To use the Exchange Management Console to mail-enable an existing mail contact
-
Start the Exchange Management Console.
-
In the console tree, expand Recipient Configuration, and then click Mail Contact.
-
In the action pane, click New Mail Contact. The New Mail Contact wizard appears.
-
On the Introduction page, click Existing contact, and then click Browse.
-
In Select Contact, select the contact that you want to mail-enable, click OK, and then click Next.
-
On the Contact Information page, complete the following fields:
- Organizational unit By default, the New Mail Contact Wizard displays the Users container in Active Directory. To modify this field, click Browse, and then select the organizational unit (OU) that you want.
- First name Type the first name of the contact. This field is optional.
- Initials Type the initials of the contact. This field is optional.
- Last name Type the last name of the contact. This field is optional.
- Name By default, the name is the first name, initials, and last name of the contact. You can modify this field.
- Alias By default, the alias is the first name, initials, and last name of the contact, separated by underscore characters (_). You can modify this field.
- External e-mail address To specify the external e-mail address, perform one of the following tasks:
To specify a Simple Mail Transfer Protocol (SMTP) e-mail address, click Edit, and then in E-mail address, type the SMTP e-mail address.
To specify a custom e-mail address, click the arrow next to Edit, click Custom Address, and then in E-mail address, type the e-mail address and the e-mail type. For example, you can specify an X.400, GroupWise or Lotus Notes address.
-
Click Next.
-
On the New Mail Contact page, review the configuration summary, which contains information about the options that you selected for the mail contact. To make changes, click Back. To create the mail-enabled contact, click New.
-
On the Completion page, the summary states whether the contact was successfully mail-enabled. The summary also displays the Exchange Management Shell command that was used to mail-enable the contact.
-
Click Finish to complete the task
|
|
|
Symantec Backup Exec 11.0d manually remove server from selection list
|
If you have a server that was turned off prior to removing it from your Backup Exec selection list you may have trouble with the GUI to remove it, use the text portion:
Right click the Job
choose Edit Selection List
click on the "View Selection Details" Tab
highlight what needs removed
click the "Delete" button
|
|
|
Bootrec.exe saved my @ss
|
Like I have done so many times before I used a 2nd VM to expand the boot/system drive on a Virtual Server, except this time it was running Windows 2008, after expansion I was getting the error about winload.exe missing or corrupt. After some googleing I came upon the Microsoft article: http://support.microsoft.com/kb/927392 so I booted from the Windows 2008 DVD, choose a repair, choose a command prompt, then ran bootrec.exe /RebuildBcd, the Windows 2008 VM then booted successfully.
|
|
|
Setting up a Windows environment for NTP
|
Setting up a Windows environment for NTP
To perform this procedure locally on the each domain controller, you must be a member of the Administrators group.
To perform this procedure from a remote computer, you must be a member of the Domain Admins
group.
To configure the Windows Time service on each domain controller
1. Open a Command Prompt.
2. Type the following command to display the time difference between the local computer
and a target computer, and then press ENTER:
w32tm /stripchart /computer:targetntpserver /samples:n /dataonly (replacing targetntpserver with your actual ntp server)
3. Type the following command to configure the server to use an external NTP server and then press ENTER:
w32tm /config /manualpeerlist:129.6.15.28 /syncfromflags:manual /reliable:yes /update
where peers specifies the list of DNS names and/or IP addresses of the NTP time source that each domain controller synchronizes from. For example, you can specify time.windows.com.
When specifying multiple peers, use a space as the delimiter and enclose them in quotation marks.
To set domain machines to sync with the domain
1. Open a Command Prompt.
2. Type the following command and then press ENTER:
w32tm /config /syncfromflags:domhier /reliable:no /update
3. Type the following command and then press ENTER:
net stop w32time
4. Type the following command and then press ENTER:
net start w32time
|
|