
Windows 2003 - automatic certificate enrollment for DC issue

Asked by RBraat
Hi,

Having an issue with automatic certificate enrollment on my domain controller.
What happened?
DC was an Enterprise root CA for test purposes. Used it to create a certificate for OWA with SSL. Afterwards removed the Enterprise root CA role and removed the OWA certificate.
After that, this message showed up in the event log:

-----
Event Type:      Warning
Event Source:      KDC
Event Category:      None
Event ID:      20
Date:            26-10-2009
Time:            16:55:48
User:            N/A
Computer:      MAIL
Description:
The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found.  Smartcard logon may not function correctly if this problem is not remedied.  Have the system administrator check on the state of the domain's public key infrastructure.  The chain status is in the error data.
-----

In an attempt to solve the problem I ran 'certutil -dcinfo DeleteBad'. After this, the message above disappeared, but I now have the message:

-----
Event Type:      Error
Event Source:      AutoEnrollment
Event Category:      None
Event ID:      13
Date:            26-10-2009
Time:            19:33:12
User:            N/A
Computer:      MAIL
Description:
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80040154).  Class not registered
-----

While trying to resolve the issue, I discovered that there is something wrong with CertSvc, because when I give the command "net stop certsvc", I get: "System error 1060: the specified service does not exist as an installed service".
How can I resolve this, by reinstalling the certificate service as a role?

Any help welcome!
ASKER CERTIFIED SOLUTION
davorin
