4555 » Windows XP Autoenrollment cannot reach an Active Directory domain controller?


I had been getting the following message in Big Brother on my new XP Pro installation:

AutoEnrollment - "Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed."

And here is what I dug up on this:

Event ID 15 is logged every 8 hours in the Application event log:

Event Type: Error 
Event Source: AutoEnrollment 
Event Category: None 
Event ID: 15 
Date: date
Time: time
User: N/A 
Computer: computer name
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).
             The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

Basically it is saying that, if the Windows XP installation is a member of a Windows NT 4.0 domain, there is no Active Directory. So the steps I used to fix it follow below:

If Windows XP is joined to a Windows NT 4.0 domain:

  1. Start / run / gpedit.msc / Enter
  2. Navigate to Computer Configuration / Windows Settings / Security Settings / Public Key Policies
  3. Double-click Autoenrollment Settings
  4. Select Do not enroll certificates automatically
  5. Press OK
  6. Close the Group Policy window

However, if your Windows XP is a member of a Windows 2000 or later domain:

  1. Control Panel / Network Connections / Local Area Connection / Properties
  2. Ensure that the correct DNS address is entered into the Preferred DNS server box.
  3. Press OK


Original link is shown here for reference; however, I have learned to steal a copy of the HTML just in case that site ever goes offline.


Page last updated: March 7th, 2004 by Paul.