Hi When I install Certification services(from Control Panel->add remove Prorams->Add remove components) for Enterprise root CA, It Gives error an error was detected while configuring certificate services. The certificate services setup wizard will need to be rerun to complete the configuration. An error occurred during the creation of the configuration files. make sure the shared folder exists and has ncessary permissions. configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. 0x80070547 (WIN32:1351) Please Help me out.. Thanx in Advance

0x80070547 = ERROR_CANT_ACCESS_DOMAIN_INFO looks like the machine does not have AD access - test with NLTEST /sc_verify:domain-name or the user which is installing the Enterprise CA is not member of Enterprise Admins group. o.

when i run C:\Documents and Settings\Administrator.AD>nltest /finduser:Administrator I get this Domain Name: AD0 Trusted DC Name \\AD The command completed successfully when i run C:\Documents and Settings\Administrator.AD>nltest /sc_verify:AD0 i get this I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN I am logged in with Administrator who is member of Domain Admins and Enterprise Admins... Then what's Problem.. Please Help

looks like the CA computer may have difficulties with DC location or with it computer account. a) check wheter you can resolve the domain name: nslookup SET Q=SRV _ldap._tcp.dc._msdcs.<your-FQDN-domain-name> b) try disconnecting the computer from domain and connecting back again (or use NETDOM RESETPWD) ondrej.

when I runC:\Documents and Settings\Administrator.AD>nslookup it gives me DNS request timed out. timeout was 2 seconds. *** Can't find server name for address 192.168.1.56: Timed out Default Server: UnKnown Address: 192.168.1.56 When i run these commands > set q=srv and then >_ldap._tcp.dc._msdcs.Ad.ots.com it responses Server: UnKnown Address: 192.168.1.56 DNS request timed out. timeout was 2 seconds. _ldap._tcp.dc._msdcs.Ad.ots.com SRV service location: priority = 0 weight = 100 port = 389 svr hostname = ad.ots.com ad.ots.com internet address = 192.168.1.56

ok. then it looks like the machine has its computer account (rather just its password) corrupted. Try disconnecting if from domain and connecting back again (this is non-destructive, you will not loose any security or configuration once you connect back). Or do the same thing with NETDOM RESETPWD o.

My Machine is domain controller how can i disconnect it ? or do i have to run dcpromo ?

oh, I didn't know that. Then don't do it! It looks like there are may bye some other problems that would require more sofisticated troubleshooting. I cannot help you this way over forum probably. Sorry. Just try installing it again and maybe try to check event logs etc. - just some normal troubleshooting. o.

Hi, Please try to make this Domain Controller a Global Catalog. In Active Directory Sites and Services, navigate to the NTDS Settings of this DC, check the box before Global Catalog. Then, try to install CA again. Here’s a similar thread about the error "configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. 0x80070547 (WIN32: 1351)" http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/bc2f8e24-8ee4-428f-aced-8e223153209b/ Hope it helps. Regards, Bruce

it's Alreadychecked but still i cant install it.. :(

Any Help Please ??

First, it's not recommended to install CA on DC. install it on member server. If not work, it seems there's something wrong with your AD. Run dcdiag, if there's any error, post in Directory service forum to fix the error.