Posted August 15, 200816 yr Good afternoon, We have a Enterprise Root CA setup on a domain member server (Windows server 2003 R2) and no subordinate at this point. This server hosts our Exchange 2003 server. I'm not super familiar with Certificate servers, but shouldn't this should have been setup on a domain controller? I discovered this because our DCs are giving error messages about KDC certificate is now invalid (see below for the full message). I don't want to effect the certificates that are already distributed. Any suggestions? **************************************** Event Type: Warning Event Source: KDC Event Category: None Event ID: 20 Date: 8/15/2008 Time: 7:51:00 AM User: N/A Computer: SVR11DC01 Description: The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain's public key infrastructure. The chain status is in the error data. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 18 00 00 00 13 20 09 80 ..... .? 0008: 00 00 00 00 00 00 00 00 ........
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.