Verification of the domain controller certificates throws the error code ERROR_ACCESS_DENIED

Author Uwe GradeneggerPosted on Categories Active Directory, Troubleshooting, Certificate usageTags

Assume the following scenario:

  • With certutil a verification of the domain controller certificates is performed.
  • The operation fails with the following error message:
0: DC01

*** Testing DC[0]: DC01
Enterprise Root store: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
KDC certificates: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)

CertUtil: -DCInfo command FAILED: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
CertUtil: Access is denied.

Cause

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

The command may cause confusion because it can be executed both locally and remotely. However, in any case, it is required that the executing user has domain administrator permissions.

One thought on “Die Überprüfung der Domänencontroller-Zertifikate wirft den Fehlercode ERROR_ACCESS_DENIED”

  1. Pingback: Logon error with Windows Hello for Business: "Contact the system administrator and tell them that the KDC certificate could not be verified." - Uwe Gradenegger

Comments are closed.

en_USEnglish
de_DEDeutsch en_USEnglish