Verification of the domain controller certificates throws the error code ERROR_ACCESS_DENIED

Author Uwe GradeneggerPosted on Categories Active Directory, Troubleshooting, Certificate usageTags

Assume the following scenario:

  • With certutil a verification of the domain controller certificates is performed.
  • The operation fails with the following error message:
0: DC01

*** Testing DC[0]: DC01
Enterprise Root store: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
KDC certificates: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)

CertUtil: -DCInfo command FAILED: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
CertUtil: Access is denied.

Cause

The command may cause confusion because it can be executed both locally and remotely. However, in any case, it is required that the executing user has domain administrator permissions.

One thought on “Die Überprüfung der Domänencontroller-Zertifikate wirft den Fehlercode ERROR_ACCESS_DENIED”

  1. Pingback: Logon error with Windows Hello for Business: "Contact the system administrator and tell them that the KDC certificate could not be verified." - Uwe Gradenegger

Comments are closed.

en_USEnglish
de_DEDeutsch en_USEnglish