Re: Enterprise Certificate Authority question

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/16/04


Date: Fri, 15 Oct 2004 23:15:41 GMT

Check Active Directory Users and Groups to find the membership of the Cert
Publishers group, which would show the actual server names of computers that
may be a CA. If you do not have any server in the domain with the
Certificate Services service running as shown in services.msc, then you don't
have an active CA on your network for some reason. You could try to install
a new Enterprise Root CA if you want, but the process may balk if Active
Directory thinks there is still an Enterprise CA in the domain. If that
happens, I am not sure what the best way to clean up the metadata is, but see
the link below for advice if that happens and for additional info that may be
helpful. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;555151

"T0GGLe" <jehova1@dsl.pipex.com> wrote in message
news:5a657c10.0410150249.2e05880d@posting.google.com...
> Thanks once again everyone for your help. I know it must be a bit
> frustrating talking to a CA noob and you didn't have to post so
> thanks.
>
> I'm working my way through all the info you have provided and comments
> you have made to make sense of the setup on our network.
>
> It appears that there is no CA server on our network as every server
> that I go on does not have the CA authority service installed. In
> terms of the "http path" in the details tab of the certificate details
> described in an earlier post, all the servers that have certificates
> point to one particular server...but this server does not have CA
> installed. Also, when I go into sites and services, enable "services
> node" (thx didn't even know about this!) and drill down this is what I
> see:-
>
> NAME TYPE
> namedCA certification authority
>
> and that's all
>
> Now this would be great if "namedCA" ["named" is actually our company
> name but I've removed it for the post] was actually a server but it's
> not. What it is though is the same name that all the certificates that
> these domain controllers have (could just be chance - ie same naming
> convention). I was kinda expecting to see the name of the server that
> was being used as the CA server or nothing at all so was surprised to
> see this there.
> Properties of this object give no details at all.
>
> Any suggestions?
>
> Ta.
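
The checks discussed in this thread (CA objects under the Services node, Cert Publishers membership, and the Certificate Services service), as an added read-only PowerShell example that is not part of either post. It assumes Windows PowerShell on a domain-joined machine, the default group name Cert Publishers, and the service name CertSvc; the helper Find-AdObject is a name made up for this example.

```powershell
# Added example, read-only. Assumes Windows PowerShell on a domain-joined machine.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = [string]$rootDse.configurationNamingContext
$domainNC = [string]$rootDse.defaultNamingContext

# Hypothetical helper: LDAP search that returns only the requested attributes.
function Find-AdObject {
    param([string]$Base, [string]$Filter, [string[]]$Props)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$Base"
    $searcher.Filter     = $Filter
    $searcher.PageSize   = 500
    foreach ($p in $Props) { [void]$searcher.PropertiesToLoad.Add($p) }
    $searcher.FindAll()
}

# 1. CA-related objects under Public Key Services (what the Services node shows).
#    certificationAuthority objects hold a CA name and certificate only;
#    pKIEnrollmentService objects also record the issuing server in dNSHostName.
$pki = Find-AdObject "CN=Public Key Services,CN=Services,$configNC" `
    '(|(objectClass=certificationAuthority)(objectClass=pKIEnrollmentService))' `
    @('cn', 'objectclass', 'dnshostname', 'distinguishedname')
$caObjects = foreach ($r in $pki) {
    [pscustomobject]@{
        Name     = [string]($r.Properties['cn'] | Select-Object -First 1)
        Class    = [string]($r.Properties['objectclass'] | Select-Object -Last 1)
        HostName = [string]($r.Properties['dnshostname'] | Select-Object -First 1)
        DN       = [string]($r.Properties['distinguishedname'] | Select-Object -First 1)
    }
}
$caObjects | Format-Table -AutoSize

# 2. Members of Cert Publishers, resolved to DNS host names.
$groups = Find-AdObject $domainNC `
    '(&(objectClass=group)(sAMAccountName=Cert Publishers))' @('member')
$publishers = foreach ($g in $groups) {
    foreach ($dn in $g.Properties['member']) { [string]([ADSI]"LDAP://$dn").dNSHostName }
}

# 3. Is the Certificate Services service present and running on any candidate host?
$candidates = @($caObjects.HostName) + @($publishers) | Where-Object { $_ } | Sort-Object -Unique
foreach ($computer in $candidates) {
    $svc = Get-Service -Name CertSvc -ComputerName $computer -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer = $computer
        CertSvc  = if ($svc) { $svc.Status } else { 'not installed or host unreachable' }
    }
}
```

A CA object listed in step 1 with no host in step 3 reporting CertSvc as running matches the situation described in the question: a CA name that remains in the directory without a server behind it.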


