Certificate Services in 2003 Domain
Like so many people I am working through the common Autoenrollment error scenario, but there is lot's of advice on that and while it may be related, that isn't what has me concerned. I am not very knowledgeable at all about certificates, and so I am after some very specific advice. As I was trying things and fooling around with things relating to the Auto-enrollment error, I tried using certutil on one of our DC's. I was very concerned to see that just entering certutil gave an info dump that was all about a server that we haven't had for quite some time. I had also noticed a few times that I would see our servers trying to contact that dead DC - for example in DCDiag. I have looked for ways to eliminate reference to it and now suspect that what I am seeing in certutil is why it keeps showing up. Specifically, I want to know if I should delete all reference to it or not? In AD Sites and Services, under services, under Public Key Services, it shows up repeatedly and is really the only server referenced. We have no servers with CA installed. Do we need this? Is there any risk in deleting the old server references? Thanks! RDC
August 3rd, 2011 11:04am

you need to complete CA decomissioning process as follows: http://support.microsoft.com/kb/889250 process steps 6, 7 and 9.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
August 3rd, 2011 11:08am

I can give that a try, thanks! I take it then that I don't really need a CA? Is there any reason on a relatively simple network to have one?
August 3rd, 2011 11:17am

Once you will have a requirement for certificate services — you will have to install your own CA server or just purchase certificates from commercial provider.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
August 3rd, 2011 11:54am

Thanks again! I think that worked!
August 3rd, 2011 12:09pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics