Re: Accidentally revoked a domain controller certificate! How to clean up and start again?

From: Carol Chisholm (carol.lists_at_smalldomain.ch)
Date: 09/20/03


Date: Sat, 20 Sep 2003 09:04:45 +0200


No, it's only a test environment.

Posting more out of curiosity, because this is the sort of thing that
can happen in real life, and it always happens on the day the backup
did not run.

What would I have to restore if I did have a backup? (this is an
Enterprise Root CA).

Carol

On Fri, 19 Sep 2003 17:04:49 -0400, "Laura A. Robinson"
<firstinitiallastname@technologist.com> wrote:

>circa Fri, 19 Sep 2003 21:01:39 +0200, in
>microsoft.public.windows.server.security, Carol Chisholm
>(carol.lists@smalldomain.ch) said,
>>
>> I could rebuild the domain from scratch.
>>
>> Is there an easier way?
>>
>> I had been making loads of certificates for testing OWA / ISA
>> configurations. While revoking them I accidentally revoked one of my
>> domain controller certificates.
>>
>> Now when I make a certificate and import it into the certificates mmc
>> on my ISA server, the domain controller which issued the certificate
>> does not appear in the Trusted Root Certification Authorities. So
>> nothing really works as it should.
>>
>> Any ideas please?
>>
>Do you have backups?
>
>Laura


