After installing a secondary domain controller (Windows 2008 Core RC1) in my existing domain (forest and domain functional levels: Windows 2003, root DC: Windows 2003 SP2), I keep getting the following errors in the new DC's event log:
Certificate enrollment for Local system failed to enroll for a DomainControllerAuthentication certificate from internal.fqdn\CAName (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
Certificate enrollment for Local system failed to enroll for a DirectoryEmailReplication certificate from internal.fqdn\CAName (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
I have verified that the Domain Controller Certificate template grants Allow permissions for Enroll and Autoenroll to "Domain Controllers" and "Enterprise Domain Controllers".
There are not any failed requests in the CA.
Domain Controller Certificate Template properties:
Certificate Purposes: Client Authentication, Server Authentication, Smart Card Logon
Include e-mail address: No
Public Key Usage List: Digital Signature, Key Encipherment
Public Key Usage Critical: No
Publish in Active Directory: No
Object identifier: 1.3.6.1.4.1.311.21.8.2326345.5972755.6701730.12454250.14293220.59.1.28
Subject type: Computer
Major version number: 110
Minor version number: 0
Any help will be appreciated.
YP