Guest Paul Bergson [MVP-DS] Posted March 18, 2009 Posted March 18, 2009 You are going to have to clean up the old certificate stuff before pressing on, you can continue with the lost ca. http://support.microsoft.com/kb/555151 As far as how you should go forward, you need to figure out what you want to do. Having a CA you will need to know what level of trust are you trying to project. Is it just for internal consumption? Do you need external folks to gain access? I have copied the security NewsGroup in and I'm sure they have additional input as well. -- Paul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "David Fernandez" <ave_int@hotmail.com> wrote in message news:%23TGw5T7pJHA.1252@TK2MSFTNGP03.phx.gbl...<span style="color:blue"> > Hi, > > > > We have a windows 2003 active directory, with an exchange 2003 > organization. We had a certificate server which was also a DC. It had an > unrecoverable error some months ago. We could have domain working as we > have more DCs, but we are still using a certificate for OWA and RPC over > https created by the certificate server. > > > > I have some problems with public folder replication, because of the lack > of this certificate erver. We also have some problems to navigate through > the Exchange System administration console, concretely the public folders. > > > > I also have some problems in the domain controllers, Event viewer says: > "Automatic certificate inscriptions failed for Local System, cannot > inscribe a DC certificate. RPC server is not available" (Sorry, this is a > myself translation from Spanish) > > > > Now I've noticed that the certificate will expire in a few months. > > > > I would like to change this certificate, and make it work in the domain > and the Exchange System, so I can solve this problems. > > > > Which is the best way? Should I install a new certificate server? How I > can I solve those replication problems? Is there any thing I should keep > in mind before trying a new certificate server? > > > > Thank you very much for your answers. > > > > Kind Regards. > > > > David Fernández. > > </span> Quote
Guest Paul Bergson [MVP-DS] Posted March 18, 2009 Posted March 18, 2009 That should say "You can't continue with the lost CA." -- Paul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "Paul Bergson [MVP-DS]" <pbbergs@nopspam_msn.com> wrote in message news:DEF35EF0-31B9-4F38-982B-9E6DDC503482@microsoft.com...<span style="color:blue"> > You are going to have to clean up the old certificate stuff before > pressing on, you can continue with the lost ca. > > http://support.microsoft.com/kb/555151 > > As far as how you should go forward, you need to figure out what you want > to do. Having a CA you will need to know what level of trust are you > trying to project. Is it just for internal consumption? Do you need > external folks to gain access? > > I have copied the security NewsGroup in and I'm sure they have additional > input as well. > > -- > Paul Bergson > MVP - Directory Services > MCTS, MCT, MCSE, MCSA, Security+, BS CSci > 2008, 2003, 2000 (Early Achiever), NT4 > > http://www.pbbergs.com > > Please no e-mails, any questions should be posted in the NewsGroup This > posting is provided "AS IS" with no warranties, and confers no rights. > > > "David Fernandez" <ave_int@hotmail.com> wrote in message > news:%23TGw5T7pJHA.1252@TK2MSFTNGP03.phx.gbl...<span style="color:green"> >> Hi, >> >> >> >> We have a windows 2003 active directory, with an exchange 2003 >> organization. We had a certificate server which was also a DC. It had an >> unrecoverable error some months ago. We could have domain working as we >> have more DCs, but we are still using a certificate for OWA and RPC over >> https created by the certificate server. >> >> >> >> I have some problems with public folder replication, because of the lack >> of this certificate erver. We also have some problems to navigate through >> the Exchange System administration console, concretely the public >> folders. >> >> >> >> I also have some problems in the domain controllers, Event viewer says: >> "Automatic certificate inscriptions failed for Local System, cannot >> inscribe a DC certificate. RPC server is not available" (Sorry, this is a >> myself translation from Spanish) >> >> >> >> Now I've noticed that the certificate will expire in a few months. >> >> >> >> I would like to change this certificate, and make it work in the domain >> and the Exchange System, so I can solve this problems. >> >> >> >> Which is the best way? Should I install a new certificate server? How I >> can I solve those replication problems? Is there any thing I should keep >> in mind before trying a new certificate server? >> >> >> >> Thank you very much for your answers. >> >> >> >> Kind Regards. >> >> >> >> David Fernández. >> >></span> > </span> Quote
![Guest Paul Bergson [MVP-DS]](https://offtopic.forum/uploads/set_resources_2/84c1e40ea0e759e3f1505eb1788ddf3c_default_photo.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.