Can't re-issue domain controller certificate to Windows 2008 Server

Posted on 2011-03-18
Last Modified: 2012-05-11
Our Domain is controlled by a Windows 2003 SBS Server with two 2008 (X64) Global Catalogue servers as backups.  I am trying to re-issue a domain controller certificate to one of them and it fails with the following error message:

Failed: The RPC server is unavailable. The certificate request could not be submitted to the certification authority.

The RPC service is running on both the Server 2008 and SBS 2003 Domain Controller and the CA is running (it's on the SBS 2003), so why can't I re-issue?  I don't have ISA server running and I have disabled the firewall on both servers to eliminate that....
Question by:-Juddy-
4 Comments
Expert Comment

by:Bawer
ID: 35164979
It's not a matter of RPC, but the event says, make sure the DNS is working fine and the servers can communicate correctly with each other. If you have Windows 2008 as backup, why don't you transfer the roles to the 2008 server and instead make the 2003 the backup?
Author Comment

by:-Juddy-
ID: 35165063
I am planning to retire the SBS 2003 as it no longer runs Exchange, SQL or SharePoint so it's just acting as a DC.  I'll have to look into the transfer of roles and get it sorted; but as for the matter at hand, what would you suggest as an appropriate comms test between the servers?
Accepted Solution

by:-Juddy-
ID: 35165596
FIXED!!

Sorted it myself, it was down to NTFS permissions on the SYSVOL:

The problem was Share and NTFS permissions were not set properly for the SYSVOL Share:

Permissions for C:\

NTFS Permissions
Administrators = full control
Creator owner = none checked, but special permissions checked and greyed out
Everyone = none checked, but special permissions checked and greyed out
System = Full Control
Domain\Users = Read & Execute, List Folder contents, Read

Permissions for C:\Windows\Sysvol

Share
Do not share this folder

NTFS
Administrators = full control
Authenticated Users = Read & Execute, List Folder Contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read
System = Full Control

Permissions for C:\Windows\Sysvol\Sysvol

Share
Share this folder
Maximum Allowed
Administrators = full control
Authenticated Users = Full Control
Everyone = Read

NTFS
Administrators = Full Control, greyed out (inherited)
Authenticated Users = Read & Execute, List Folder contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read, (greyed out)
System = Full Control, greyed out (inherited)


 
After I had set the proper file permissions, I ran the following from the command prompt:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

<enter>

Gpupdate

<enter>

Thanks anyway Bawer!
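Added example, not part of the original thread: a PowerShell check that compares the NTFS entries on the two SYSVOL folders with the baseline listed in the accepted solution above and reports any missing or excess rights. The account names (English-language install), the write-rights mask and the function name Test-SysvolAcl are assumptions; share permissions are not checked.

```powershell
# Added example (not from the original post). Run elevated on the domain controller.
# Baseline = NTFS entries listed in the accepted solution. Account names assume an
# English-language install; CREATOR OWNER is omitted because the post records it
# only as "special permissions".
$expected = @{
    'BUILTIN\Administrators'           = 'FullControl'
    'NT AUTHORITY\SYSTEM'              = 'FullControl'
    'NT AUTHORITY\Authenticated Users' = 'ReadAndExecute'
    'BUILTIN\Server Operators'         = 'ReadAndExecute'
}
$paths = 'C:\Windows\Sysvol', 'C:\Windows\Sysvol\Sysvol'

# Assumed definition of "write-level": rights that change SYSVOL content or its ACL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Test-SysvolAcl {
    param([string]$Path)
    # Combine the Allow rights each identity holds on the folder itself.
    # Inherit-only ACEs (PropagationFlags value 2) affect children only and are skipped.
    $have = @{}
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ([int]$ace.PropagationFlags -band 2) { continue }
        $id = $ace.IdentityReference.Value
        $have[$id] = [int]$have[$id] -bor [int]$ace.FileSystemRights
    }
    # Baseline identities: report missing rights, or write access on read-only entries.
    foreach ($id in $expected.Keys) {
        $want = [int][System.Security.AccessControl.FileSystemRights]$expected[$id]
        $got  = [int]$have[$id]
        if (($got -band $want) -ne $want) {
            "{0}: {1} lacks {2}" -f $Path, $id, $expected[$id]
        } elseif ($expected[$id] -ne 'FullControl' -and ($got -band $writeMask)) {
            "{0}: {1} has write-level rights beyond {2}" -f $Path, $id, $expected[$id]
        }
    }
    # Identities outside the baseline are reported only if they can modify content.
    foreach ($id in $have.Keys) {
        if (-not $expected.ContainsKey($id) -and ($have[$id] -band $writeMask)) {
            "{0}: {1} is not in the baseline but holds write-level rights" -f $Path, $id
        }
    }
}

foreach ($p in $paths) {
    if (-not (Test-Path -Path $p)) { Write-Warning "$p not found (not a DC, or SYSVOL is elsewhere)"; continue }
    $findings = @(Test-SysvolAcl -Path $p)
    if ($findings.Count -eq 0) { "{0}: matches the baseline" -f $p } else { $findings }
}
```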

Author Closing Comment

by:-Juddy-
ID: 35196647
Fixed.