Solved

How to renew a user certificate ?

Posted on 2009-06-29
2
654 Views
Last Modified: 2012-06-27
Hi all,
Once,I received the following eventID : Event ID 9323 Source MSExchangeSA.
I succeded to renew the certificate for the administrator as explained.
Now I get it again but for a single USER whose certificate expired.
How can I the renew the certificate on behalf of a user from the CA ?
Enclosed is an attachement of the current situation.
Step-by-step help would be greatly appreciated.
Regards,
Stéphane
certificateissue.jpg
0
Comment
Question by:Svenzardda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 31

Accepted Solution

by:
Paranormastic earned 250 total points
ID: 24737788
Look at the certificate on the Details tab and look for the Certificate Template Information field and select that.  In the white box at the bottom it will name the certificate template issued under and the template's OID (for basic EFS it will be "EFS" otherwise if a duplicated template it will be a very long number).

Open the CA MMC and make sure that the template is still issued to the CA under the Certificate Templates folder.  If not, right-click the Cert Tempaltes folder - new - Certificate tempalte to issue.. and select thetemplate.  Wait for AD replication and it should be available now.

If already there, check the pending requests and just make sure there isn't something sitting there.

Once available (or if it already was) then open up http://CASERVERNAME/certsrv page and select the first option on each page, then select the template from the drop down list and fill out the form for a new cert.

Once installed, have the user open a cmd prompt and run this from any directory:
cipher /u

this will update all EFS encrypted files that the user has access to to use the new EFS cert.

Note:
Make sure you have USMT version 3.0 installed and back up their profile after installing any EFS cert in case they ever need a new profile (and other benefits).
http://technet.microsoft.com/en-us/library/cc766089(WS.10).aspx
USMT3.0 Download:
http://www.microsoft.com/downloads/details.aspx?familyid=799AB28C-691B-4B36-B7AD-6C604BE4C595&displaylang=en
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part One of the two-part Q&A series with MalwareTech.
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question