My knowledge of Certificates is basic to say the least. I would be grateful if someone can help with the following..
I have noted in the system event logs the following message which appears on all 3 W2k3 DC's:
Event ID 20:
The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied.
On further inspection in the Certification Authentication/Issued Certificates I have noted that the 3 Domain Controller Certificates have now expired. The events have been appearing randomly for the last 2 days but should they not auto-enrol - if not what is the best way to renew?
Also a few minutes after the above event the following is posted in the application log:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file
Thanks in advanced.