PaddleHard
Guest
Good afternoon,
We have an Enterprise Root CA set up on a domain member server
(Windows Server 2003 R2) and no subordinate at this point. This server
hosts our Exchange 2003 server. I'm not super familiar with certificate servers, but
shouldn't this have been set up on a domain controller?
I discovered this because our DCs are giving error messages about
the KDC certificate now being invalid (see below for the full message).
I don't want to affect the certificates that are already
distributed. Any suggestions?
****************************************
Event Type: Warning
Event Source: KDC
Event Category: None
Event ID: 20
Date: 8/15/2008
Time: 7:51:00 AM
User: N/A
Computer: SVR11DC01
Description:
The currently selected KDC certificate was once valid, but now is
invalid and no suitable replacement was found. Smartcard logon
may not function correctly if this problem is not remedied. Have
the system administrator check on the state of the domain's
public key infrastructure. The chain status is in the error
data.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 18 00 00 00 13 20 09 80 ..... .?
0008: 00 00 00 00 00 00 00 00 ........
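The event text says the chain status is in the error data, so here is an added example (not part of the original post) that rebuilds the bytes from the `Data:` dump and reads them as little-endian DWORDs. The DWORD layout is an assumption, the status names come from winerror.h, and values not in the table are left unnamed; for this record the second DWORD is 0x80092013, CRYPT_E_REVOCATION_OFFLINE (revocation could not be checked because the revocation server was offline).

```python
import re
import struct

# Sample input: the "Data:" lines copied from the Event ID 20 record above.
EVENT_DATA = """\
0000: 18 00 00 00 13 20 09 80 ..... .?
0008: 00 00 00 00 00 00 00 00 ........
"""

# Well-known CryptoAPI / certificate-trust HRESULTs (winerror.h).
KNOWN_STATUS = {
    0x80092010: "CRYPT_E_REVOKED",
    0x80092012: "CRYPT_E_NO_REVOCATION_CHECK",
    0x80092013: "CRYPT_E_REVOCATION_OFFLINE",
    0x800B0101: "CERT_E_EXPIRED",
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B010A: "CERT_E_CHAINING",
    0x800B0110: "CERT_E_WRONG_USAGE",
}

# "oooo: hh hh ... " with up to 8 byte columns; the trailing ASCII column is ignored.
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]{4}):((?:\s+[0-9A-Fa-f]{2}(?=\s|$)){1,8})")

def parse_event_data(text):
    """Rebuild the raw bytes from event-viewer style hex dump lines."""
    out = bytearray()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a dump line (e.g. "Data:" header or blank)
        offset = int(m.group(1), 16)
        if offset != len(out):
            raise ValueError(f"gap in dump at offset {offset:#06x}")
        out += bytes.fromhex("".join(m.group(2).split()))
    return bytes(out)

def decode_dwords(data):
    """Return (value, name) per little-endian DWORD; name is '' if unknown."""
    usable = len(data) - len(data) % 4  # drop any trailing partial DWORD
    values = struct.unpack(f"<{usable // 4}I", data[:usable])
    return [(v, KNOWN_STATUS.get(v, "")) for v in values]

if __name__ == "__main__":
    for value, name in decode_dwords(parse_event_data(EVENT_DATA)):
        print(f"0x{value:08X}  {name}")
```

On a Windows host, `certutil -error 0x80092013` prints the system's own message text for the same code.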