My Appologies to anybody who has seen this before as I posted it in the wrong forum.... All, Years ago I created a Windows 2003 Stand Alone certification Authority so that I could take advantage of self-signed certificates. (I used these for a bit then I bought commercial certificates to replace them.) This stand alone was created in a child domain of the AD forest. Lately I have noticed (i shut off the service) that there are items logged in the domain contollers logs about not being able to get a certificate/expired certificates (if I start the CA service these will go away as the DC's can again contact it and get thier certicates renewed.) Even when the CA service is shut off and the errors in the logs of the DC's are present, it doesn't seem to affect anything. Does anybody know: 1. Why are the DC's asking for certicates from a stand alone CA? 2. How or should I prevent them from doing that. 3. If I uninstall this CA service, will it have an effect on the DC's? 3. The domain name in the CA is our external (email) domain and not the same domain name as the active directory. I am just a bit nervous as AD issues can be very unfun sometimes.....Any advice appreciated.... D