Active Directory Certificate Enrollment Error

active-directory windows-sbs-2008 windows-server-2008-r2

I'm seeing this error in my Active Directory log. The error is on my primary DC, which is an SBS 2008 box. The computer performing the request is my secondary DC running Server 2008 R2.

Active Directory Certificate Services could not process request ## due
to an error: The request's current status does not allow this
operation. 0x80094003 (-2146877437). The request was for
domain\server2008r2$.

I have these errors in the R2 server's logs:

Automatic certificate enrollment for local system failed (0x800b0101)
A required certificate is not within its validity period when
verifying against the current system clock or the timestamp in the
signed file. .

Certificate for local system with Thumbprint ###################### is
about to expire or already expired.

How can I resolve these?

Edit: Just wanted to add that the CA snap-in reports that the request failed due to a parsing error.

Edit 2: On my primary domain controller (the SBS 2008 server) it looks like the root cert has expired. I've tried both renewing and requesting a new one, but it says no templates are valid.

Best Answer

This is typically caused by the Certificate Authority for your domain's Active Directory Certificate Services being unavailable. Try looking into why your Domain Controller cannot participate in auto-enrollment.
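
One way to narrow down the 0x800b0101 error from the question is to see which certificate in each chain is outside its validity period: the machine certificate itself or an issuing/root CA certificate above it. The following PowerShell is an added example, not part of the original question or answer; the function name `Get-ChainValidity` and the 30-day warning window are assumptions made for illustration.

```powershell
# Added example: for every certificate in the local machine's Personal store,
# build its chain and report any element that is expired, not yet valid,
# or close to expiry. Written to also run on PowerShell 2.0 (Server 2008 R2).
$warnDays = 30          # assumed warning window, adjust as needed
$now      = Get-Date    # the system clock the validity check is made against

function Get-ChainValidity {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the result reflects validity dates only.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    # Build() returns $false for a bad chain; the elements found are still listed.
    [void]$chain.Build($Cert)

    $depth = 0
    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        $state = 'OK'
        if     ($now -lt $c.NotBefore)                  { $state = 'NotYetValid' }
        elseif ($now -gt $c.NotAfter)                   { $state = 'Expired' }
        elseif ($c.NotAfter -lt $now.AddDays($warnDays)) { $state = 'ExpiringSoon' }

        New-Object PSObject -Property @{
            Leaf     = $Cert.Thumbprint   # certificate the chain was built for
            Depth    = $depth             # 0 = the certificate itself, highest = root
            Subject  = $c.Subject
            NotAfter = $c.NotAfter
            State    = $state
        }
        $depth++
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Get-ChainValidity -Cert $_ } |
    Where-Object { $_.State -ne 'OK' } |
    Sort-Object Leaf, Depth |
    Format-Table Leaf, Depth, State, NotAfter, Subject -AutoSize
```

A row with `Depth` 0 points at the machine certificate; a row at the highest depth points at the root CA certificate, which matches the situation described in Edit 2.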