Hi All,

 

I performed a Swing Migration several months ago and have had the following error showing up in the logs since.

"Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80040154). Class not registered".

I've finally found a site with a suggested solution "http://smbiz.blogspot.com/2007/02/autoenrollement-0x80040154-errors-after.html". The certificate mentioned does appear to be from the old SBS box based on it's valid from date, but I don't seem to have an equivalent for the current SBS. Does anyone know if it should be possible to delete that certificate without causing problems and/or if I should have an equivalent for the current SBS box?

 

Thanks for any advice.

Brett

Brett,

You state this like it's a great mystery that you have exhausted your options to solve.

When you bought a Technician Kit from SBSmigration.com, I provided you 90 days of unlimited support by email, and yet I have no record of you ever contacting me...not about this, not about anything. I am of course happy that you were apparently successful in completing your project and that you apparently didn't require major assistance, but I'm really not sure why you wouldn't simply follow-up with me directly...through SBSmigration.com where you bought the kit to get this answered. Your account provides you with access to the forums there...it's answered there. You can contact me directly by email, I answer those too.

How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows 2000 Server
http://support.microsoft.com/kb/889250/en-us

That KB is more information that is required. The only part you need is Step 6.

The error is the result of doing a Swing Migration of a server (the original one) which was configured as a Certificate of Authority Server, something SBS doesn't install by default and is rarely used in small business environments. The Technician Kit documentation doesn't even suggest to look for this or remove it...it's that rare. Typically you find this installed only in cases where someone was playing around or troubleshooting by "clicking buttons" and installed this somehow thinking it related to solving a problem with the IIS website cert...and it's not related.

Because the original server was killed without decommissioning it as a CA server, there's references in the AD that lead to the inocuous error. If you perform Step 6 in the KB you should see the problem go away. The other steps that discuss uninstalling things don't apply...the server where that was originally installed doesn't exist, only the trash in AD.

If you have any further issue with this, please contact me directly as part of your support options.

- Jeff

Hi Jeff,

 

My apologies if you thought I was implying that there was a problem with your kit or service in any way. As a first time user who had to perform a swing migration under a very tight time frame without an option for testing, I thought the process was as relatively simple as something like that can be.

 

The reason for the tight time frame was that the old server was showing signs of becoming unstable hardware wise, and I was off overseas for two months about two weeks later. Hence, by the time I got back and had time to look at it all again, the 90 days of support were over. I've just re-tried to access the forums  on www.SBSmigration.com and all I get is the 'your account has expired, please re-new' page, which is why I didn't post directly there. Let me know if I'm doing something wrong and should still have access to your forums.

 

As for why the Certificate Server was installed, that was because I was using certificates with VPN access, not through clicking buttons ;) .

 

Anyway, thank you for posting the solution. I will follow step six and reply with my results in case anyone else has a similar problem.

 

Brett