Re: Removing CA Objects from AD

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 08/11/05


Date: Thu, 11 Aug 2005 19:43:29 +1000

I think after the crash the previous CA information is still stored in the
AD - under Services, that is.
Fore detailed information, see "How to decommission a Windows enterprise
certification authority and how to remove all related objects from Windows
Server 2003 and from Windows 2000 Server" -
http://support.microsoft.com/?id=889250, and the removing objects part in
it.

-- 
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
"Billy" <bj1725@ntlworld.com> wrote in message
news:e9mbJ8anFHA.2916@TK2MSFTNGP14.phx.gbl...
> hi
> Can you clarify - the server that crashed has been rebuilt using the same
> name and is now back onto the domain and re-assgined its position within
AD
> sites & services?
>
> Billyj
>
>
>
> "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
> news:ewsxwjZnFHA.3568@TK2MSFTNGP10.phx.gbl...
> > Remove the CA object from Active Directory sites and Services?
> >
> > -- 
> > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > -= F1 is the key =-
> >
> > "Billy" <bj1725@ntlworld.com> wrote in message
> > news:#47$gEZnFHA.1088@TK2MSFTNGP14.phx.gbl...
> >> My master DC crashed and had to be rebuilt - it was originally set up
as
> >> a
> >> certificate server, I have not re-installed certificate services and
not
> >> wish to if I can get away with it. - however I am getting an warning in
> >> my
> >> event log
> >> Source: Winlogon
> >> Category: None
> >> Event ID: 1010
> >> Automatic enrollment against the certification authority 'myservername'
> > for
> >> a certificate of type DomainController has failed (0x800706ba) The RPC
> >> server is unavailable. - Another certification authority will be tried.
> >>
> >> The only issues I  can see is that I can no longer get OWA (it is an
> >> exchange server also) Clients accessing OWA did have to do a HTTPS
> >> connection after I had set up the CA.
> >>
> >> So basically what I am asking is how to overcome this by manually
> >> removing
> >> the CA object left in Active Directory?
> >>
> >> BillyJ
> >>
> >>
> >
> >
>
>


Relevant Pages

  • Re: Machine Account Secure Channel Password Reset
    ... How to decommission a Windows enterprise certification authority and how to ... remove all related objects from Windows Server 2003 and from Windows 2000 ... Reset Machine Account Passwords of a Windows 2000 Domain Controller ...
    (microsoft.public.windows.server.active_directory)
  • Re: Remove CA from Forest DC
    ... How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows 2000 Server ... Move a certificate authority to a new server running on a domain controller. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Restoring a Entreprise ROOT CA, help
    ... How to decommission a Windows enterprise certification authority and how to ... remove all related objects from Windows Server 2003 and from Windows 2000 ... the server with the Entreprise Root CA was broken and i want to restore ...
    (microsoft.public.windows.server.active_directory)
  • Re: Moving CA to another server
    ... MS-KBQ298138_How to move a certification authority to another server ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... I have a Enterprise Root CA on Windows 2000 based Domain Controller. ...
    (microsoft.public.windows.server.active_directory)
  • Re: IPSec for ODBC connection?
    ... I created an IPSec policy on the server with a Block All filter and an ... ODBC Filter allowing 1433 incoming with an Authentication Method of ... Certification Authority only and a certificate I created on the ... the client cannot connect on ODBC ...
    (microsoft.public.win2000.security)