Product:Windows Operating System
Event ID:13
Message:Automatic certificate enrollment for %1 failed to enroll for one %2 certificate (%3). %4

The autoenrollment component determined that a valid certificate is not available for the user or computer account. The user or computer account required a new certificate, a certificate was superseded, a certificate was revoked and requires replacement, or a certificate requires renewal.

Possible causes include:

  • No network connectivity is available
  • No domain controller was found
  • No certificate authorities are available
  • No certificate templates contain the READ and ENROLL permission for to the computer or user in Active Directory

User Action

Make sure the computer is connected to the network or to the domain controller so it can work with Active Directory, and then, to pulse autoenrollment, type the following at a command prompt:

Gpupdate.exe /force

If this does not fix the problem, infrastructure or configuration changes might be needed. For more information and troubleshooting steps, see Certificate Autoenrolling in Windows 2003 in Microsoft TechNet.

Currently there are no Microsoft Knowledge Base articles available for this specific error or event message. For information about other support options you can use to find answers online, see