CA failure, dead CA need new one
Hello,
Don't know if this is the correct forum.
We had a CA in a Windows 2003 cluster (on one node). After virtualization, no one moved the CA to a new machine. The CA was issuing certificates to 3 or 4 IIS intranet applications. Now the DCs keep logging DCOM errors because they can't see the CA, and the web pages of the intranet ask for a certificate.
The old certificate expires in about 2 months.
We tried to create a new CA, but it doesn't let us make a root CA, we think because the references to the old one are still there. I've read a lot about it, but everything I see is about migrating an existing CA. What can we do if that CA no longer exists?
We tried to remove the CA references in AD manually in a pre-production environment, but it doesn't work. We tried to give the same name to the new CA (with no hope, obviously); it didn't work.
Any ideas?
April 19th, 2011 2:50am
You probably need to reset the Active Directory computer account
http://technet.microsoft.com/en-us/library/cc753596(v=WS.10).aspx
Please review Amer Kamal's blog that covers decommissioning an old CA:
http://blogs.technet.com/b/pki/archive/2012/01/27/steps-needed-to-decommission-an-old-certification-authority-without-affecting-previously-issued-certificates-and-then-switching-all-operations-to-a-new-certification-authority.aspx
April 14th, 2012 12:14am