Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Remove Certificate Services

Posted on 2009-04-14
2
Medium Priority
?
1,262 Views
Last Modified: 2012-08-13
We currently have certificate services installed on one of our domain controllers (Windows 2003 Functional Domain) We are only using certificate services to issue an internal SSL key on one of our internal web servers.  We recently renamed our Domain and as you would expect, the certificate is now broken.  I am wondering if we can just uninstall Certificate Services, re-install certificate services on a different member server and re-issue the certificate to the internal web server.  Everything I have found online talks about moving certificate services to a different computer, not uninstalling it.  I looked through all the certificates that have been issued and we only have one that is currently not expired and that is the one on our internal web server.  

We are also getting the following errors on our Domain Controllers

Source AutoEnrollment
Event ID 13

Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005).  Access is denied.

So I am a little nervous about removing Certificate Services, because I am not sure how this will affect our Domain Controllers.
0
Comment
Question by:zoosysop
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 24145657
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 1500 total points
ID: 24147590
The event id 13 is happening because you need to put the domain controllers group for your new domain into the CERTSRV_DCOM_ACCESS group - this may be a domain group if your CA was on a DC, otherwise it would be a local group on the CA box.

Since the name of the CA changed due to the rename, the only real way around this is to reinstall with a new certificate.  To best avoid issues, it would be best to completely remove the old CA from AD prior to reinstalling it.

I would also recommend taking a full backup including system state and archiving that for a bit, just in case you need to restore the old one.  Or just take the box offline and physically archive it.

How to decom a CA server properly from AD:
http://support.microsoft.com/kb/889250
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have put this article together as i needed to get all the information that might be available already into one general document that could be referenced once without searching the Internet for the different pieces. I have had a few issues where…
Experts-Exchange users below are the steps you can follow to upgrade your Lync server to latest CU's or cumulative updates. Note: Perform it during non-production hours.   Step 1: Backup your lync and SQL server database. Follow below article: h…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question