I am working through the offical microsoft mcts self-paced training kit (exam-70-640) configuring windows server 2008. Im basicly on page 747, nothing complicated. Have three servers: Server 1 Orginal domain controler, DNS etc , static ip 192.168.0.1 Server 3 AD CA. static ip 192.168.0.50, dns points to 192.168.0.1 etc. Server 4 AD CA + Issuing Authority, static ip 192.168.0.51 Problem: I have followed the instructions and created my CA root cert, imported it into the next teir down (server 4). But when I try to start the AD CA as per point 22 of page 748 it fails and says The revocation function was unable to check revocation because the revocation server was offline. Now each server can ping each server by name and ip. I have disabled the firewalls totally on server 3 and 4. What I have noticed that although I am logging into servers 3 and 4 into the contoso domain, I do not have admin access on them. What I am doing now is downloading a fresh copy of Windows 2008 r2 from 180 days trail. I am using vmware with the basic host enabled network under vmnet0. What I would like to know is what steps can I take on server 4 to reach out to server 3 (the root CA in this test lab)? The CRL path in the certificate was like file://server03.contoso.com/sercert etc etc, well that is hardly a share that is accessable via normal path. Can some one point me in the right dirrection. I will book mark this and update it this thread with results of two fresh windows 2008 r2 installs. Server 03 and server 04 were copys of a DC for contoso which I then ran dcpromo then removed the services. That maybe the cause? Please help if you have any idea about AD CS, I am studying for the 70-640. Thank you. Nigel

Hello, I think it will be better to post in Security Forums: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads http://social.technet.microsoft.com/Forums/en-US/ocssecurity/threads This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration