Have you checked below KB

http://technet.microsoft.com/en-us/library/cc774505(v=ws.10).aspx


http://support.microsoft.com/kb/931354


For details about Certificates the Security forum is the better place also:

http://social.technet.microsoft.com/Forums/en/winserversecurity/threads

Hope this helpsBest Regards,

Sandesh Dubey.

MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator |
My Blog

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

There is an amazing pack of free network admin tools. click here to download it

Over the past week, at random intervals, error log reports following warning:

Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 6/6/2012 8:33:14 AM
Event ID: 77
Task Category: None
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: ServerFQDN
Description:
The "Windows default" Policy Module logged the following warning: The Active Directory connection to
ServerFQDN has been reestablished to ServerFQDN.


Warning is generated at least once within any 24 hour period and is not preceded or followed by any other warnings/errors.
I appreciate any guidance.



Best,
Bill

There is an amazing pack of free network admin tools. click here to download it

Sandesh,
Thanks for prompt reply and yes I've reviewed both your suggestions.
KB931354 makes reference to Server 2003 only. And while I appreciate MS's explanation "Certificate Services has re-connected to Active Directory at
the network location specified in the event description. No action is needed."
, my concern is that CertSvcs should never have lost the connection to AD so I sense a problem brewing.
I'll repost in Security forum.
Best,
Bill

Need to support users over the internet? click here try our remote control online beta

Have you checked below KB

http://technet.microsoft.com/en-us/library/cc774505(v=ws.10).aspx


http://support.microsoft.com/kb/931354


For details about Certificates the Security forum is the better place also:

http://social.technet.microsoft.com/Forums/en/winserversecurity/threads

Hope this helpsBest Regards,

Sandesh Dubey.

MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator |
My Blog

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

There is an amazing pack of free network admin tools. click here to download it

Sandesh,
Thanks for prompt reply and yes I've reviewed both your suggestions.
KB931354 makes reference to Server 2003 only. And while I appreciate MS's explanation "Certificate Services has re-connected to Active Directory at
the network location specified in the event description. No action is needed."
, my concern is that CertSvcs should never have lost the connection to AD so I sense a problem brewing.
I'll repost in Security forum.
Best,
Bill

Need to support users over the internet? click here try our remote control online beta

A number of things can cause a lost of connectivity to AD, such as:

Multihomed DCswiringswtichmore...
.
If you can post an unedited ipconfig /all of the cert server and of a DC, and any event log errors in the DS & FRS logs, we can point out any basic misconfigs for starters.
.Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs:
http://www.delawarecountycomputerconsulting.com/technicalblogs.php


This post is provided AS-IS with no warranties or guarantees and confers no rights.

There is an amazing pack of free network admin tools. click here to download it

A number of things can cause a lost of connectivity to AD, such as:

Multihomed DCswiringswtichmore...
.
If you can post an unedited ipconfig /all of the cert server and of a DC, and any event log errors in the DS & FRS logs, we can point out any basic misconfigs for starters.
.Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs:
http://www.delawarecountycomputerconsulting.com/technicalblogs.php


This post is provided AS-IS with no warranties or guarantees and confers no rights.

Need to support users over the internet? click here try our remote control online beta

Ace,
Server is standalone. I'll post the config & logs in short order.
Best,
Bill

Need to support users over the internet? click here try our remote control online beta

Ace,
Server is standalone. I'll post the config & logs in short order.
Best,
Bill

There is an amazing pack of free network admin tools. click here to download it

Hi,

Please run certdiag.exe on the CA server to got the certidiag results.

Make sure there is no expired certificates in the CA personal store.

Hope this helps!
Best Regards
Elytis Cheng
TechNet Subscriber Support
If you are
TechNet Subscription user and have any
feedback on our support quality, please send your feedback here.Elytis Cheng
TechNet Community Support

Need to support users over the internet? click here try our remote control online beta

Hi,

Please run certdiag.exe on the CA server to got the certidiag results.

Make sure there is no expired certificates in the CA personal store.

Hope this helps!
Best Regards
Elytis Cheng
TechNet Subscriber Support
If you are
TechNet Subscription user and have any
feedback on our support quality, please send your feedback here.Elytis Cheng
TechNet Community Support

There is an amazing pack of free network admin tools. click here to download it

Ace,
There are no errors in either the DS or DFS logs. FRS is disabled and has been since installation.
Here is the ipconfig /all output:

Windows IP Configuration
Host Name . . . . . . . . . . . . : host
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter TheNICS:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BASP Virtual Adapter
Physical Address. . . . . . . . . : 78-2B-CB-71-93-6D
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{5D0C45D3-443F-46D2-B686-5294F9F4D43B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Presently, IPv6 is completely disabled as it was causing issues with their router (which I am replacing). However, The AD connection occured for several days prior to disabled IPv6.
Not much to go on...is there anything else I may post?



Best,
Bill

There is an amazing pack of free network admin tools. click here to download it

Elytis,
I am not familiar with certdiag.exe and cannot locate it on the system drive nor the installation dvd. How may I obtain a copy?
There were no expired certs in the computer personal store or the user personal store.
Best,
Bill

Need to support users over the internet? click here try our remote control online beta

Elytis,
I am not familiar with certdiag.exe and cannot locate it on the system drive nor the installation dvd. How may I obtain a copy?
There were no expired certs in the computer personal store or the user personal store.
Best,
Bill

Need to support users over the internet? click here try our remote control online beta