i keep getting the event id 1400 on reboot (or when i stop/start the ADWS service). how can i test to see where my problem comes from ? Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.FirstJohnOneNine

mmc file add\remove snap-in certificates computer account console root certificates (local computer) personal certificates in here i have 3 certificates one of the certificates is "network000-vm000server000-ca" (issued to and issued by are both the exact same thing) exp date is 2020 certificate status = this certificate ok so why am i getting the event id 1400 error on reboot.FirstJohnOneNine

you need to have there a certificate with the same name in Subject as is the name of the computer (such as DC1.domain.local) and the certificate should be issued by a trusted certification authority and should have Server Authentication purpose in its Enhanced Key Usage extension field. you probably have a CA installed on the same computer, so why not issue a new server certificate from that CA? ondrej.

you need to have there a certificate with the same name in Subject as is the name of the computer (such as DC1.domain.local) and the certificate should be issued by a trusted certification authority and should have Server Authentication purpose in its Enhanced Key Usage extension field. you probably have a CA installed on the same computer, so why not issue a new server certificate from that CA? ondrej. http://www.troyquigley.com/pictures/1400.jpg FirstJohnOneNine

yes, all your certs are expired. you probably don't have certificate autoenrollment enabled or your enterprise CA is not issuing them or running properly. just go into the certs MMC - Certificates - Local Computer on the DC and Request new certificate - Domain Controller. ondrej.

yes, all your certs are expired. you probably don't have certificate autoenrollment enabled or your enterprise CA is not issuing them or running properly. just go into the certs MMC - Certificates - Local Computer on the DC and Request new certificate - Domain Controller. ondrej. ok. maybe i am totally blind. but it looks like 3 of them expire in 2011 and the other one expires next week. am i looking at something wrong ?FirstJohnOneNine

blind me :-). ok then, you need to check the local computer store on the affected computer, not the list on the authority. o.

blind me :-). ok then, you need to check the local computer store on the affected computer, not the list on the authority. i am getting the event error on the CA (DC), it is one in the same.FirstJohnOneNine

http://www.troyquigley.com/pictures/1400b.jpgFirstJohnOneNine

hmm, weird. everything looks in order. would you export the certificate to a file and tried from command line something like: certutil -urlfetch -verify your-exported-dc-cert.cer and verify it is really successful. and then: netsh http show sslcert ondrej.

more info "trusted publishers" is empty http://www.troyquigley.com/pictures/1400c.jpg but i have 2 certificates with the same name in "trusted root certificates" and one of them has a key in its icon. how can i tell if this is a user certificate issue or a computer certificate issue. right now the username is the same as the computer name.FirstJohnOneNine

does having my computername and my username the same cause issues ???FirstJohnOneNine

Take a look at the same question asked previusly. http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d236b513-94df-4b9a-b034-f3b15b2b115f/#ef195eaf-f0a4-4a21-9f9d-9e80f1d32600 Regards, Awinish Vishwakarma Blog : http://awinish.wordpress.com Disclaimer : This posting is provided AS-IS with no warranties or guarantees and confers no rights.