Certificate enrollment for Local system failed to enroll for a KerberosAuthentication certificate
On a newly added 2008 R2 replica domain controller, certificate enrollment as well as autoenrollment works, except for the Kerberos Authentication certificate. An enrollment or autoenrollment request made for this certificate fails, generating Events 6 and 13 in the Application log. The failure reason given in the event text is "the RPC server is unavailable".

The CA receives the request; it appears in the failed request folder. The Request Status Code is "The RPC server is unavailable". The Request Disposition Message is "Denied by Policy Module".

I created a duplicate template based on the Kerberos Authentication certificate template, with all settings the same, except on the Subject name tab, Supply in the request is selected instead of Build from this Active Directory information. When the request is made, the Subject Alternative name is manually populated with the same information as in a standard Kerberos Authentication Certificate (DNS Name=DCName.DomainName.com, DNS Name=DomainName.com, and DNS Name=NetBIOSDomainName). This certificate request succeeds. This makes me think the information built from Active Directory is missing something.

On the PDC role holder, which also has the CA role, enrollment for a Kerberos Authentication certificate succeeds.

How to correct this? Thanks.
May 11th, 2011 9:52pm

Hi,

For more information regarding Event ID 6 and Event ID 13, you may refer to the following Microsoft TechNet articles:

Event ID 6 — Automatic Root Certificates Update Configuration
http://technet.microsoft.com/en-us/library/dd348734(WS.10).aspx

Event ID 13 — Automatic Root Certificates Update Configuration
http://technet.microsoft.com/en-us/library/cc733970(WS.10).aspx

Based on my research, you may try to add "Domain Controllers" to the Certificate Service DCOM Access group to fix the issue.

For a similar issue, please refer to the following threads:

Event 13, CertificateServicesClient - CertEnroll
http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/1d0ba7b1-1925-4733-9699-fadb910c79ea

Problem with Certificate Enrollment on 2008 R2 DC: Event ID 13
http://social.technet.microsoft.com/Forums/en/winserverDS/thread/78baedca-05da-4c37-bf88-f96ca34c2273

If the issue persists, you may refer to the following Microsoft KB article for further troubleshooting information:

Troubleshooting RPC Endpoint Mapper errors using the Windows Server 2003 Support Tools from the product CD
http://support.microsoft.com/kb/839880

Regards,
Arthur Li
TechNet Subscriber Support in forum

If you have any feedback on our support, please contact tngfb@microsoft.com.

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 13th, 2011 1:31am
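
One way to check the suggestion in the reply above before changing anything, as an added example that is not part of the original thread: it lists the direct members of the DCOM access group, reports whether this domain controller is covered, and then tests the CA's request interface. It assumes the ActiveDirectory PowerShell module is installed, that the group's Name is exactly the one quoted in the reply, and that `<CAHost>\<CAName>` is replaced with your own CA config string.

```powershell
# Added example. Run in an elevated PowerShell session on the DC that fails to enroll.
Import-Module ActiveDirectory

$GroupName = 'Certificate Service DCOM Access'   # name as quoted in the reply (assumed exact)
$CaConfig  = '<CAHost>\<CAName>'                 # placeholder: your CA config string

function Get-DcomAccessCoverage {
    param([string]$Group, [string]$Computer)

    # Well-known SIDs that would cover a domain controller's computer account.
    $domainSid  = (Get-ADDomain).DomainSID.Value
    $dcGroupSid = "$domainSid-516"               # RID 516 = Domain Controllers
    $authUsers  = 'S-1-5-11'                     # Authenticated Users
    $self       = (Get-ADComputer -Identity $Computer).SID.Value

    $g = Get-ADGroup -Filter "Name -eq '$Group'" -Properties member
    if (-not $g) { throw "Group '$Group' not found in this domain." }

    # Resolve each direct member to its SID. Nested groups are listed but not
    # expanded, so a membership through deeper nesting is not detected here.
    $members = foreach ($dn in $g.member) {
        $o = Get-ADObject -Identity $dn -Properties objectSid, objectClass
        New-Object PSObject -Property @{
            Name  = $o.Name
            Class = $o.objectClass
            Sid   = $o.objectSid.Value
        }
    }

    $sids = @($members | ForEach-Object { $_.Sid })
    New-Object PSObject -Property @{
        Members   = $members
        DcCovered = ($sids -contains $dcGroupSid) -or
                    ($sids -contains $authUsers)  -or
                    ($sids -contains $self)
    }
}

$result = Get-DcomAccessCoverage -Group $GroupName -Computer $env:COMPUTERNAME
$result.Members | Format-Table Name, Class, Sid -AutoSize
"This DC is covered by a direct member: $($result.DcCovered)"

# Test the DCOM certificate request interface on the CA from this machine.
certutil -config $CaConfig -ping

# If the DC is not covered, the change suggested in the reply would be:
# Add-ADGroupMember -Identity $GroupName -Members 'Domain Controllers'
```

A computer account picks up a new group membership only when it gets a new logon token, so restart the domain controller after changing the group before retrying enrollment.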
