server 2008r2 - certificate issue (event 1400)
i keep getting the event id 1400 on reboot (or when i stop/start the ADWS service).
how can i test to see where my problem comes from ?
Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate
Authority (CA) is installed on the machine.FirstJohnOneNine
September 23rd, 2010 3:05pm
mmc
file
add\remove snap-in
certificates
computer account
console root
certificates (local computer)
personal
certificates
in here i have 3 certificates
one of the certificates is "network000-vm000server000-ca" (issued to and issued by are both the exact same thing)
exp date is 2020
certificate status = this certificate ok
so why am i getting the event id 1400 error on reboot.FirstJohnOneNine
Free Windows Admin Tool Kit Click here and download it now
September 23rd, 2010 4:13pm
you need to have there a certificate with the same name in Subject as is the name of the computer (such as DC1.domain.local) and the certificate should be issued by a trusted certification authority and should have Server Authentication purpose in its Enhanced
Key Usage extension field.
you probably have a CA installed on the same computer, so why not issue a new server certificate from that CA?
ondrej.
September 24th, 2010 5:46am
you need to have there a certificate with the same name in Subject as is the name of the computer (such as DC1.domain.local) and the certificate should be issued by a trusted certification authority and should have Server Authentication purpose in its Enhanced
Key Usage extension field.
you probably have a CA installed on the same computer, so why not issue a new server certificate from that CA?
ondrej.
http://www.troyquigley.com/pictures/1400.jpg
FirstJohnOneNine
Free Windows Admin Tool Kit Click here and download it now
September 24th, 2010 9:14am
yes, all your certs are expired. you probably don't have certificate autoenrollment enabled or your enterprise CA is not issuing them or running properly. just go into the certs MMC - Certificates - Local Computer on the DC and Request new certificate -
Domain Controller.
ondrej.
September 24th, 2010 9:20am
yes, all your certs are expired. you probably don't have certificate autoenrollment enabled or your enterprise CA is not issuing them or running properly. just go into the certs MMC - Certificates - Local Computer on the DC and Request new certificate -
Domain Controller.
ondrej.
ok. maybe i am totally blind. but it looks like 3 of them expire in 2011 and the other one expires next week. am i looking at something wrong ?FirstJohnOneNine
Free Windows Admin Tool Kit Click here and download it now
September 24th, 2010 9:22am
blind me :-). ok then, you need to check the local computer store on the affected computer, not the list on the authority.
o.
September 24th, 2010 9:29am
blind me :-). ok then, you need to check the local computer store on the affected computer, not the list on the authority.
i am getting the event error on the CA (DC), it is one in the same.FirstJohnOneNine
Free Windows Admin Tool Kit Click here and download it now
September 24th, 2010 9:44am
http://www.troyquigley.com/pictures/1400b.jpgFirstJohnOneNine
September 24th, 2010 10:24am
hmm, weird. everything looks in order. would you export the certificate to a file and tried from command line something like:
certutil -urlfetch -verify your-exported-dc-cert.cer
and verify it is really successful.
and then:
netsh http show sslcert
ondrej.
Free Windows Admin Tool Kit Click here and download it now
September 25th, 2010 3:32am
more info
"trusted publishers" is empty
http://www.troyquigley.com/pictures/1400c.jpg
but i have 2 certificates with the same name in "trusted root certificates" and one of them has a key in its icon.
how can i tell if this is a user certificate issue or a computer certificate issue.
right now the username is the same as the computer name.FirstJohnOneNine
September 30th, 2010 3:28pm
does having my computername and my username the same cause issues ???FirstJohnOneNine
Free Windows Admin Tool Kit Click here and download it now
October 6th, 2010 4:06pm
Take a look at the same question asked previusly.
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d236b513-94df-4b9a-b034-f3b15b2b115f/#ef195eaf-f0a4-4a21-9f9d-9e80f1d32600
Regards,
Awinish Vishwakarma
Blog :
http://awinish.wordpress.com
Disclaimer : This posting is provided AS-IS with no warranties or guarantees and confers no rights.
February 11th, 2011 3:08am