?
Solved

Win2k3 DC - Server: Missing X.509 DomainController certificate / Event 1383 - ??

Posted on 2009-04-03
2
Medium Priority
?
936 Views
Last Modified: 2012-05-06

Dear all

i dont know how- but somehow our Win2k3 SP2 domaincontroller x.509 certificate is missing since a few days. it seems that it started when we try'd to renew an expired CA2 cert - but I not sure about it. The new CA2 cert was installed ok and is valid however.

Since then i got under the "directory service" event log viewer this:

>>> Error -- Event ID: 1383 / Category: Replication <<<
The local domain controller has no DomainController X.509 certificate.
Until this certificate is added, Active Directory replication between the local domain controller and domain controllers in all other sites will fail.
User Action: Add this certificate to the local domain controller.


We are connected to some other sites in europe - now the replication fails with events like this:

>>> Internal event: Active Directory could not send the following directory partition changes to the domain controller at the following network address.

Directory partition: DC=de,DC=le1dcch  ::  Network address: _IsmService@10bb579c-1b03-87ea-1621-6ea3321abd3c._msdcs.le1dcch
 
Additional Data: Error value:   6000 The specified file could not be encrypted.



I have absolutely no clue about certs.... can someone help me out how to get this x.509 DC cert back to our server?

I heard that this cert will automatically installed if an DC joins an (Enterprise) Domain. True?

thank you!

0
Comment
Question by:digifineEFX
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 31

Accepted Solution

by:
Paranormastic earned 2000 total points
ID: 24061083
Normally yes, but if you are suggesting to demote/promote  taht might not work here.

On the CA try running:
certutil -pulse
Then on the DC run:
gpupdate /force

Is CA2 a second root CA or a subordinate under a common company root?  If it is a root CA you may need to import that in the trusted root CA store / distribute it via GPO.

The cert was just reissued / renewed, correct?  The CA wasn't reinstalled, maintenance or anything like that?

Other things you can try:
From CA run:
certutil -dcinfo -removebad
certutil -dsPublish
certutil -pulse
0
 

Author Comment

by:digifineEFX
ID: 24075611
Hi Paranormastic,   thanks so far for the answer!   i will check and will come back.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question