Automatic Certificate Enrollment Failed

When looking at the event logs of a Windows domain controller you may see an event error stating “Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0×80070005). Access is denied.”

To fix this error you need to add the Domain Controllers group to the CERTSVC_DCOM_ACCESS group in Active Directory. This will then allow the domain controller access to the certificate store and to retrieve the certificate thus fixing the problem.