i dont know how- but somehow our Win2k3 SP2 domaincontroller x.509 certificate is missing since a few days. it seems that it started when we try'd to renew an expired CA2 cert - but I not sure about it. The new CA2 cert was installed ok and is valid however.
Since then i got under the "directory service" event log viewer this:
>>> Error -- Event ID: 1383 / Category: Replication <<<
The local domain controller has no DomainController X.509 certificate.
Until this certificate is added, Active Directory replication between the local domain controller and domain controllers in all other sites will fail.
User Action: Add this certificate to the local domain controller.
We are connected to some other sites in europe - now the replication fails with events like this:
>>> Internal event: Active Directory could not send the following directory partition changes to the domain controller at the following network address.
Directory partition: DC=de,DC=le1dcch :: Network address: _IsmService@10bb579c-1b03-87ea-1621-6ea3321abd3c._msdcs.le1dcch
Additional Data: Error value: 6000 The specified file could not be encrypted.
I have absolutely no clue about certs.... can someone help me out how to get this x.509 DC cert back to our server?
I heard that this cert will automatically installed if an DC joins an (Enterprise) Domain. True?