For additional information about certificate autoenrollment in Windows XP, follow the link to "Certificate Autoenrollment in Windows XP".
From a newsgroup post: Based on my research, the Event ID 15 indicates that the computer cannot locate the Active Directory and the event will be logged at 8-hour intervals in the Application event log. For more information about Event ID 15, please refer to ME310461
Based on my experience, if the DNS settings on the client computer are set incorrectly, this issue will occur. I suggest you check the following:
1. Go to the properties page of your local connection.
2. Go to the TCP/IP settings and make sure that the DNS IP Address is your DC's IP address.
3. Please apply the steps in ME244474
on the Windows XP computer. Test to see if the problem disappeared.
1. Click Start -> Run, type msconfig and click OK.
2. Go to the Services tab and click Hide All Microsoft Services and then click Disable All.
3. Go to the Startup tab and click Disable All.
4. Go to the Gpedit.msc console. Go to Computer Configuration -> Administrative Templates -> System -> Logon.
5. Enable the policy entry "Always wait for the network at computer startup and logon".
6. Restart computer and test again.
This issue could occur when a certification authority (CA) certificate is renewed. If this is the case, please refer to ME270048
to resolve the problem. Test to see if the problem disappeared.
This issue could occur when the AutoEnrollment settings are turned on and there is no Active Directory to handle the request. To turn off AutoEnrollment on the local machine do the following:
1. Type gpedit.msc in the run line to open Group Policy Console.
2. Under Computer Configuration node, click Windows Settings.
3. Click on Public Key Policies.
4. Double-Click on the AutoEnrollment Settings in the right window.
5. Click on "Do not enroll certificates automatically" and click "OK".
From a newsgroup post: "Based on my research, when you install a CA, on a machine that is running Windows 2003, it should automatically create a group called CERTSVC_DCOM_ACCESS and enroll all the domain controllers as members of this group. I suspect that this was not happening and hence the auto enrollment was failing. At this point, I suggest you run the following command on the problematic Windows 2003 Server:
certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG.
After this stop and start the certsvr service by using the following commands:
net stop certsvc
net start certsvr
The steps above will create the group and then you can add the DCs as members of the group. If the group already exists, then simply add the DCs as members of the group".
See also ME822406
, and Error code 0x8007054b
for more details on this event.