• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 338
  • Last Modified:

Is Certificate Services Required for a Single Domain with Two DCs and a 3rd Party Exchange Certificate?

This probably seems like a bonehead question.  I am about to upgrade from Server 2003 to Server 2008 active directory and am clearing out a couple of Event Viewer errors. One is ID 13, Autoenrollment.  Apparently I am lacking the CERTSVC_DCOM_ACCESS security group.  We have a  third party certificate for our Exchange server.  Can I finesse this simply by installing Certificate Services and making sure this security group is created?  And adding the DCs, of course.  Or will this engender some configuration headaches that might interfere with our 3rd party certificate?
1 Solution
normally exchange 2007 and above comes with certificate services for self-signed certificate that is integerated with AD, and internally used with mailbox users, if you have exchange 2007 and above, go to certificate website in exchaneg and make you requests for those cretificate and install them.
Herb-AvoreAuthor Commented:
I may have found an MS support article that describes the problem and offers a solution.  ID 927066.  It says I need to run the following commands to create the missing security account. certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
net stop certsvc
net start certsvc

I just have a lingering concern that this might interfere with the settings for the 3rd party Exchange certificate.  By the way, I looked for the the certificate web site in Exchange as you suggested but cannot find it.  Will keep looking.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now