Certificate Enrollment failed
I have been seeing the following event on my DC:
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from serverm.company.com\company(The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
The unusual thing is that the server it's referencing, "serverm", is a past, demoted & removed Exchange 2003 server. (We have since transitioned to Exchange 2007.) I have never done much with an internal CA.
How should the DC be getting the expired cert renewed?
How can I change the location where it's looking to get its cert from?
Do I need to manually install a CA?
January 12th, 2010 8:18pm
Hi,
Please try to request manually first: On the DC, open MMC, click Add/Remove Snap-in, choose Certificates, click Add, choose Computer Account, click Next, choose Local Computer, click Finish. Navigate to the Personal\Certificates folder, right-click in the middle panel, choose Request new certificate, and follow the wizard. Could you request a certificate?
If not, please help to collect the following information for research:
    Certutil -cainfo >>ca.txt
    Certutil -view >>ca.txt
    ldifde -f ca.txt -d "CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=domain,DC=COM" -p subtree
Use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file. If you would like other community members to analyze the report, you can paste the SkyDrive link here; if not, you can send the SkyDrive link to tfwst@microsoft.com.
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
January 13th, 2010 12:22pm
Looks like your previous CA was not correctly demoted. To remove the demoted CA, open ADSIEdit.msc, locate the following path:
Configuration\Services\Public Key Services\Enrollment Services
and remove the old CA entry.
> "CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=domain,DC=COM"
Mervyn, this container contains Trusted Root CA objects. To locate Enterprise CAs, you should check the Enrollment Services container.
http://www.sysadmins.lv
January 13th, 2010 5:34pm
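An added example, not part of the thread or any poster's code: a read-only PowerShell check of the Enrollment Services container named in the reply above. It lists each registered Enterprise CA and whether its host still resolves and answers on the RPC endpoint mapper (TCP 135), which is the condition behind the "RPC server is unavailable" event. It assumes a domain-joined machine and an account that can read the Configuration partition; the function name Test-RpcEndpoint is hypothetical.

```powershell
# Added example (not from the thread). Read-only: nothing in AD is modified.
# Assumption: domain-joined host, account can read the Configuration partition.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = "$($rootDse.configurationNamingContext)"
$base     = [ADSI]"LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

# Hypothetical helper: can we reach the RPC endpoint mapper (TCP 135) on the CA host?
function Test-RpcEndpoint {
    param([string]$HostName, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, 135, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Each Enterprise CA is published as a pKIEnrollmentService object in this container.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($base, '(objectClass=pKIEnrollmentService)')
$searcher.SearchScope = 'OneLevel'

$report = foreach ($entry in $searcher.FindAll()) {
    $caName   = [string]($entry.Properties['cn'] | Select-Object -First 1)
    $hostName = [string]($entry.Properties['dnshostname'] | Select-Object -First 1)
    $resolves = $false
    if ($hostName) {
        try { [void][System.Net.Dns]::GetHostAddresses($hostName); $resolves = $true } catch { }
    }
    $rpcOk = $resolves -and (Test-RpcEndpoint -HostName $hostName)
    New-Object PSObject -Property @{
        CAName = $caName; DnsHostName = $hostName; Resolves = $resolves
        RpcReachable = $rpcOk; LikelyStale = (-not $rpcOk)
    }
}

if (-not $report) {
    'No Enterprise CA is registered in Enrollment Services.'
} else {
    $report | Format-Table CAName, DnsHostName, Resolves, RpcReachable, LikelyStale -AutoSize
}
```

A row marked LikelyStale is a candidate for review, not proof: a CA that is powered off or firewalled looks the same as one that was removed without being uninstalled.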
If I try to manually renew the cert, I still receive the error “RPC server is unavailable”
The files can be found here: http://cid-129c35ef9d7741a2.skydrive.live.com/browse.aspx/.Public?uc=3
In regards to removing the CA, would that have any adverse effect on the domain?
January 13th, 2010 7:21pm
Looks like you haven't any CAs in your current forest. You need to remove the demoted CA from AD (as described in my previous post). To renew certificates you will need to install at least one Enterprise CA in your forest.
When you remove CAs, the certificates may become unusable, because they cannot be renewed and (most important) cannot be checked for revocation, because each CA periodically publishes CRLs. When a CA is removed you cannot publish new CRLs (you can re-sign existing CRLs, but this is not recommended).
http://www.sysadmins.lv
January 13th, 2010 7:31pm
Thank you for correction!
Regards.
This posting is provided "AS IS" with no warranties, and confers no rights.
January 14th, 2010 9:03am
Hi Mike,
As Vadims suggested, you may need to set up a new CA. If you’re not familiar with CA, please refer to the following article:
Certificate Services
http://technet.microsoft.com/en-us/library/cc783511(WS.10).aspx
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
January 14th, 2010 9:27am
As suggested, I removed the entries from the old CA from AD. At this point, can I run without a CA or will that create issues with AD or Exchange?
January 18th, 2010 6:24pm
No. CA installation doesn't change anything in AD and is not related in any way to Exchange. It just adds some entries to AD, to help users locate the CA server.
http://www.sysadmins.lv
January 18th, 2010 8:11pm


