Re: Certificates Question



On Fri, 14 Dec 2007 12:51:39 -0600, Jon wrote:

My DC's are squawking about failing to renew their certificates. It's
stating that the RPC server is unavailable with Event ID's 13 and 16. I am
not sure where the certificates are supposed to come from. I have never
installed Certificate Services on any of my DC's or any other server I have
running. Should this be the first DC we created in our network? It was an
NT PDC that had an in-place upgrade done on it. It has recently died and
needed to be replaced. Its death forced us to seize the FSMO roles due to
it not transferring them to another DC before it kicked the bucket. I am
running Windows Server 2003 SP2 on all of my DC's (two Root DC's and two
Child DC's) and all are configured as GC's and DNS. Do I need to install a
CA in my domain for this to work? Everything is working at the moment but I
need to settle this down.

What are the exact error messages?

Are you sure that you've never had a CA on this network or that no one has
deployed 3rd party certificates to these DCs in the past? A DC won't try to
renew a certificate if it doesn't have any.
Run mmc.exe and add the Certificates snap-in focused on the local computer
on the DCs that are complaining. Are there any certificates in the Personal
store? If so, who were they issued by?

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Those who can, do. Those who cannot, teach. Those who cannot teach,
HACK!