Florin Petrutiu asked:

Replication Issue

I started getting this in one of the subdomain servers. Any ideas on how to fix it? Wasn't this supposed to be an automated task?

The certificate presented by the following domain controller for intersite replication was rejected because the certification authority is not trusted.
 
Domain controller:
jax1.jacksonville.healthcare.cns
Certification authority:
ADM1
 
Replication access has been denied to the domain controller listed above and the certificate has been discarded.
 
Additional Data
Error value:
0 The operation completed successfully.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Krzysztof Pytko

Do you use SMTP replication between DCs? Who is the issuer of the certificate used on that/those DC(s)?

Regards,
Krzysztof
The certificate presented by the specified domain controller for intersite replication was rejected because the certification authority is not trusted. Replication access was denied to the domain controller and the certificate was discarded. The name of the certificate authority does not match the name expected by the domain controller. This might be a malicious computer. Verify that the domain controller presenting the certificate is a trusted domain controller.

http://kb.prismmicrosys.com/evtpass/evtpages/EventId_1223_ActiveDirectory_42872.asp


Florin Petrutiu

ASKER

Yes, SMTP is used, and the issuer is my ADM1 server (adm1.healthcare.cns). The server in question is jax1.jacksonville.healthcare.cns.

OK, so check on that server or in the CA console whether that certificate is expired and whether your CA service is up and running. It looks like there is no possibility to contact the CA or CRL.

Can you verify event logs on your CA server for errors, please?

Krzysztof
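
The checks suggested in the reply above (certificate expiry, issuer, and whether the CA and CRL can be reached) can be run on the domain controller itself. The following PowerShell is an added example, not part of the original thread; it assumes PowerShell 3.0 or later and that the DC's certificate sits in the local machine Personal store.

```powershell
# Added example: report expiry, issuer and chain status for every
# certificate in the local machine Personal store of a domain controller.
# Run on the DC in an elevated PowerShell session.

$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert  = $_
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

    # Online revocation checking makes the chain build fetch the CRL,
    # so an unreachable CRL distribution point shows up in ChainStatus.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online

    # Build() returns $false if the certificate is expired, the issuer is
    # not trusted on this machine, or revocation could not be verified.
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        Thumbprint  = $cert.Thumbprint
        NotBefore   = $cert.NotBefore
        NotAfter    = $cert.NotAfter
        Expired     = ($cert.NotAfter -lt $now)
        ChainValid  = $chainOk
        ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }

    # Release the chain's state before moving to the next certificate.
    $chain.Reset()
} | Format-List
```

A `ChainStatus` of `NotTimeValid` points to an expired certificate, `UntrustedRoot` to a CA that is missing from the machine's Trusted Root store, and `RevocationStatusUnknown` or `OfflineRevocation` to a CRL that could not be retrieved.
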
Hey Krzysztof,

The JAX1 domain controller certificate is expired. The CA Authority cert is good until 2013, the CA is up and running and can be reached from JAX1.jacksonville.healthcare.cns. The CA shows no errors in the log.

I think I need to somehow renew the JAX certificate; however, it would not allow me. I had verified that ADM1 is added to the Trusted Root Certs in JAX1.

Thanks for your help!
OK, so if your CA server is still up and running with a valid certificate, you may try to follow this MS article and re-issue certs for your server:
http://support.microsoft.com/kb/295281

Do this for the domain controller certificate.

Krzysztof
When I try to request a cert from ADM1 (http://adm1.healthcare.cns/CertSrv), it says: "No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occured while accessing Active Directory."

AD is fine, I am thinking that the permission issue is more plausible since I had checked the templates on ADM1.
ASKER CERTIFIED SOLUTION
Krzysztof Pytko

This solution is only available to members.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.