Solved

Win2k3 DC - Server: Missing X.509 DomainController certificate / Event 1383 - ??

Posted on 2009-04-03
2
926 Views
Last Modified: 2012-05-06

Dear all

i dont know how- but somehow our Win2k3 SP2 domaincontroller x.509 certificate is missing since a few days. it seems that it started when we try'd to renew an expired CA2 cert - but I not sure about it. The new CA2 cert was installed ok and is valid however.

Since then i got under the "directory service" event log viewer this:

>>> Error -- Event ID: 1383 / Category: Replication <<<
The local domain controller has no DomainController X.509 certificate.
Until this certificate is added, Active Directory replication between the local domain controller and domain controllers in all other sites will fail.
User Action: Add this certificate to the local domain controller.


We are connected to some other sites in europe - now the replication fails with events like this:

>>> Internal event: Active Directory could not send the following directory partition changes to the domain controller at the following network address.

Directory partition: DC=de,DC=le1dcch  ::  Network address: _IsmService@10bb579c-1b03-87ea-1621-6ea3321abd3c._msdcs.le1dcch
 
Additional Data: Error value:   6000 The specified file could not be encrypted.



I have absolutely no clue about certs.... can someone help me out how to get this x.509 DC cert back to our server?

I heard that this cert will automatically installed if an DC joins an (Enterprise) Domain. True?

thank you!

0
Comment
Question by:digifineEFX
2 Comments
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24061083
Normally yes, but if you are suggesting to demote/promote  taht might not work here.

On the CA try running:
certutil -pulse
Then on the DC run:
gpupdate /force

Is CA2 a second root CA or a subordinate under a common company root?  If it is a root CA you may need to import that in the trusted root CA store / distribute it via GPO.

The cert was just reissued / renewed, correct?  The CA wasn't reinstalled, maintenance or anything like that?

Other things you can try:
From CA run:
certutil -dcinfo -removebad
certutil -dsPublish
certutil -pulse
0
 

Author Comment

by:digifineEFX
ID: 24075611
Hi Paranormastic,   thanks so far for the answer!   i will check and will come back.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RESOURCE_SEMAPHORE waits - unexplained performance problem, BIG 20 54
How to run the DNS query from the server? 5 79
Server Login Issue 4 58
AD user acount change history 4 70
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question