further update with this command from console: certutil -viewstore ldap:///CN=domainnamechanged-servername-CA,CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=domainnamechanged,DC=private?cACertificate?base?objectClass=certificationAuthority shows three certs which the location says is unavailable hi there, i have removed the certificate services on server 2008 including the enterprise cert. then i reinstall, showing some parts which are 'unable to download' also public and private dont match with each other. how do i remove all of this and start from scratch? Mibble

Hello Have you looked into this http://support.microsoft.com/kb/889250Isaac Oben MCITP:EA, MCSE

I am looking now. This is pretty much what I have: Mibble

Can't seem to read your previous postIsaac Oben MCITP:EA, MCSE

sorry about that. in ad certificate services, the enterprise nas a red x the next step below the enterprisealso has a red x looking at root in the box to the side, teh ca certificate is ok, the aia location #1 is ok with a date and location aia location #2 status is unable to download, expiration empty and location starts with http and not ldap cdp is the same way. i am not able to paste an image of what i am looking at. i am in pretty much dire need at this time to get the system working. ThanksMibble

ok still working on this, the enterprise ca is working. i have tried to publish a certificate but it dows not show up when i go to the page. keeps saying no templates defined. Any ideas on how this may be resolved?Mibble

Hi, Please confirm if you have decommissioned the old CA by using the steps in KB article 889250. If you have done so, how many CA are there in the forest now? Meanwhile, please ensure the Anonymous Authentication is disabled in the Authentication of the CertSrv web site.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

i had microsoft support working on this, the case is still not losed. something with the certs, all users can connect to the vpn bug get an error 1263 when trying to map a drive. also this: failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error. Mibble

i had microsoft support working on this, the case is still not losed. something with the certs, all users can connect to the vpn bug get an error 1263 when trying to map a drive. also this: failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error. The results have now changed, have opened under a different thread as this one no longer pertains. Mibble

Do you think it would be better to decommission the CA server and delete the database and all associated and start over? At this time my external users are not able to do anything. There are not many users using the vpn to connect (10) and having them start from scratch is not a problem at all.Mibble

Do you think it would be better to decommission the CA server and delete the database and all associated and start over? At this time my external users are not able to do anything. There are not many users using the vpn to connect (10) and having them start from scratch is not a problem at all. Mibble I am closing this thread, it is still a process in work.