Thanks for the answer, we solved the problem, b.test.com computers cannot access domain computers of c.test.com because of IPsec. I don't know why it worked.

http://www.generation-nt.com/us/answer/domain-certificate-error-help-164091871.html

"Hi

To test, do an SMB connection: "\\CAName.yourdomain.tld" from that DC. If it asks for authentication credentials, you may have a FW issue, name resolution problems (from CA side or DC side). A workaround for this may be to cache the credentials on DC side (using the option save the credentials when you're doing the SMB connection).

I hope that the information above helps you. Have a nice day."

Have you seen this? http://support.microsoft.com/kb/947237

Since you're working with a child domain you might have to adjust the groups a bit, but it looks like your error.

From: Okan Bostan
Sent: Thursday, April 22, 2010 4:35 AM
To: NT System Admin Issues
Subject: Certificate AutoEnrollment issue

Hi list,

I have a question about Certificate AutoEnrollment across child domains. In our Public CA (Server 2003) we prepared the cert template and assigned autoenrollment security rights for the domain computers. We also gave the GPO rights mentioned at: http://technet.microsoft.com/en-us/library/cc739637(WS.10).aspx

Our environment is: Forest: test.com. The CA is in child domain c.test.com. All "C" domain computers can successfully get the certificate, and so the autoenrollment settings are OK. But the other computers (Vista x86 clients) in child forest b.test.com cannot autoenroll the cert, giving the error:

[inline image]

Also I found this link <http://blogs.technet.com/instan/archive/2009/12/07/troubleshooting-autoenrollment.aspx> and tried all the solutions (DCOM), still no luck. This link <http://support.microsoft.com/?scid=kb;en-us;939882&x=7&y=9> also gave no solution. In all scenarios I can manually enroll the cert. There is no access list or firewall between client and CA.

Any suggestion about the problem?

Thanks.

Okan Bostan
Istanbul Technical University IT Center
