Jump to content

Featured Replies

Posted

Good afternoon,

 

We have a Enterprise Root CA setup on a domain member server

 

(Windows server 2003 R2) and no subordinate at this point. This server

hosts our Exchange 2003

 

server. I'm not super familiar with Certificate servers, but

 

shouldn't this should have been setup on a domain controller?

 

I discovered this because our DCs are giving error messages about

 

KDC certificate is now invalid (see below for the full message).

 

I don't want to effect the certificates that are already

 

distributed. Any suggestions?

 

****************************************

 

Event Type: Warning

Event Source: KDC

Event Category: None

Event ID: 20

Date: 8/15/2008

Time: 7:51:00 AM

User: N/A

Computer: SVR11DC01

Description:

The currently selected KDC certificate was once valid, but now is

 

invalid and no suitable replacement was found. Smartcard logon

 

may not function correctly if this problem is not remedied. Have

 

the system administrator check on the state of the domain's

 

public key infrastructure. The chain status is in the error

 

data.

 

For more information, see Help and Support Center at

 

http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 18 00 00 00 13 20 09 80 ..... .?

0008: 00 00 00 00 00 00 00 00 ........

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...